Re: Question about sieve language

2024-03-15 Thread Tom Hendrikx via dovecot




On 14-03-2024 12:51, Ralph Seichter via dovecot wrote:

* Tom Hendrikx via dovecot:


Or in readable sieve: [...]


Do you mean to imply that regular expressions are not readable? ;-) All
it takes is a little practice. Besides, regex are more efficient. It is
well worth learning about them, and regex are really not as bad as some
make them out to be.



In general, I think regular expressions are fine, but less readable than 
simple statements (I'm well versed in regex).


The one thing that made me fall in love with sieve is the fact that the 
syntax is so wonderfully clear and self-documenting, almost readable as 
normal language. I never need to add comments to a sieve script 
explaining to my future self what a specific rule tries to achieve.


And given the amount of work that a sieve script does, I don't think 
that optimization is something you should strive for, when you have to 
trade it for readability and clarity.


Just my preference :)

Kind regards,
Tom
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org


Re: Question about sieve language

2024-03-13 Thread Tom Hendrikx via dovecot




On 13-03-2024 17:36, Ralph Seichter via dovecot wrote:

* Lev Serebryakov:


I need to match all messages sent from some specific domain and all
its sub-domains.


I prefer using regular expressions for this kind of tests:

   # Sieve quoted strings consume one backslash, so the regex dot is escaped as \\.
   if address :regex "From" "[@.]example\\.(com|org)$" {...}

This will match all addresses for example.com, example.org and their
respective subdomains.



Or in readable sieve:

if anyof (
address :domain :is "From" "example.org",
address :domain :contains "From" ".example.org"
) { keep; }

Which might match "subdomain.example.org.gotcha.com", but how often 
would that happen?


Kind regards,

Tom
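Added example (not part of the original thread): a small Python model of the two rules discussed above, plus a suffix-anchored variant using `:matches "*.example.org"`, run over constructed From addresses to show where they disagree. The helper names and sample addresses are made up for illustration, and Python's `re` stands in for the Sieve regex engine.

```python
import re

# Constructed sample From addresses (not taken from real mail).
SAMPLES = [
    "alice@example.org",
    "bob@mail.example.org",
    "erin@MAIL.EXAMPLE.ORG",
    "carol@subdomain.example.org.gotcha.com",
    "dave@notexample.org",
]


def domain_of(address):
    """Sieve ':domain' address part: everything after the last '@'."""
    return address.rsplit("@", 1)[-1]


def sieve_is(value, key):
    # Default comparator i;ascii-casemap: case-insensitive equality.
    return value.lower() == key.lower()


def sieve_contains(value, key):
    # ':contains' is a plain substring test, not anchored anywhere.
    return key.lower() in value.lower()


def sieve_matches(value, pattern):
    """':matches' glob: '*' is any run of characters, '?' exactly one.

    The whole value must match. Backslash escapes are not modelled here.
    """
    parts = []
    for ch in pattern:
        parts.append(".*" if ch == "*" else "." if ch == "?" else re.escape(ch))
    return re.fullmatch("".join(parts), value, re.IGNORECASE | re.DOTALL) is not None


def sieve_regex(value, pattern):
    # ':regex' is an unanchored search unless the pattern anchors itself.
    return re.search(pattern, value, re.IGNORECASE) is not None


def rule_contains(address):
    """anyof(:domain :is "example.org", :domain :contains ".example.org")"""
    d = domain_of(address)
    return sieve_is(d, "example.org") or sieve_contains(d, ".example.org")


def rule_regex(address):
    """address :regex "From" with the pattern as the regex engine sees it."""
    return sieve_regex(address, r"[@.]example\.(com|org)$")


def rule_suffix(address):
    """anyof(:domain :is "example.org", :domain :matches "*.example.org")"""
    d = domain_of(address)
    return sieve_is(d, "example.org") or sieve_matches(d, "*.example.org")


def compare(addresses):
    """Map each address to (contains, regex, suffix) results."""
    return {a: (rule_contains(a), rule_regex(a), rule_suffix(a)) for a in addresses}


def disagreements(addresses):
    """Addresses on which the three rules do not all agree."""
    return [a for a, r in compare(addresses).items() if len(set(r)) > 1]


if __name__ == "__main__":
    print(f"{'address':45} contains regex suffix")
    for addr, (c, r, s) in compare(SAMPLES).items():
        print(f"{addr:45} {c!s:8} {r!s:5} {s!s}")
    print("rules disagree on:", disagreements(SAMPLES))
```

Only the `:contains` rule accepts the look-alike domain; the regex is anchored with `$` and `:matches` must cover the whole domain, so both reject it.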


Abort IMAP COPY command from imapsieve?

2024-03-11 Thread Tom Hendrikx via dovecot

Hi,


I'm finding myself regularly moving messages to the wrong folder in my 
MUA. Most of the time this is easily corrected, but sometimes this is a 
bit harder. Imagine selecting all messages in the 'Trash' or 'Junk' 
folder, and moving them into the 'Archive' folder (by clicking on the 
MUA's 'Archive' button instead of the 'Delete' button).


I'm looking into blocking this server-side using an IMAPSieve script. So 
far I've been able to log relevant details of such a message move, but I 
don't know how I can abort the message move altogether. I'm now using the 
following config, which results in log messages like:


dovecot: imap(t...@example.org)<540588>: sieve: DEBUG: move-to-archive: Message archived: mailbox-from=INBOX mailbox-to=Archives.2023 message-id=<648ab0b4-8439-4b2d-8e53-b97e700ff...@mail.example.org> subject='Testing IMAPSieve'


File: dovecot.conf
-
protocol imap {
  mail_plugins = $mail_plugins imap_sieve
}

plugin {
  sieve_plugins = sieve_imapsieve
  sieve_implicit_extensions = +vnd.dovecot.debug

  # Find out how to block messages from being moved from 'Trash' to 'Archive' folder

  imapsieve_mailbox1_name = Archives.*
  #imapsieve_mailbox1_from = INBOX
  imapsieve_mailbox1_before = file:/etc/dovecot/sieve-scripts/move-to-archive.sieve

}
-

File: move-to-archive.sieve
-
require "environment";
require "variables";
require "vnd.dovecot.debug";
require "vnd.dovecot.imapsieve";

if header :matches "Message-ID" "*" {
  set "message_id" "${1}";
} else {
  set "message_id" "UNKNOWN";
}

if header :matches "Subject" "*" {
  set "subject" "${1}";
} else {
  set "subject" "UNKNOWN";
}

if environment :matches "vnd.dovecot.mailbox-from" "*" {
  set "mailbox_from" "${1}";
} else {
  set "mailbox_from" "UNKNOWN";
}

if environment :matches "vnd.dovecot.mailbox-to" "*" {
  set "mailbox_to" "${1}";
} else {
  set "mailbox_to" "UNKNOWN";
}

debug_log "move-to-archive: Message archived: mailbox-from=${mailbox_from} mailbox-to=${mailbox_to} message-id=${message_id} subject='${subject}'";

-

I tried the "reject" sieve command but that only works in the context of 
delivery. Is there a way to abort the actual move, and return an error 
to the MUA? Or am I on the wrong track altogether, and is there a better 
approach?



NB: While doing research I found that not all environment variables in 
RFC 6785 (https://www.rfc-editor.org/rfc/rfc6785.html#section-4) are 
implemented in Pigeonhole? I tried to access the 'imap.cause' and 
'imap.mailbox' variables but they were empty, only the variables from 
RFC 5183 seem to be available. This is in line with the docs at 
https://github.com/dovecot/pigeonhole/blob/main/README, but not with 
https://github.com/dovecot/pigeonhole/blob/main/doc/plugins/imapsieve.txt 
and 
https://doc.dovecot.org/configuration_manual/sieve/plugins/imapsieve/, 
which both seem to imply that RFC 6785 is implemented?


Kind regards,

Tom


Re: User-configurable time-based mail deletion in specific folders

2024-03-11 Thread Tom Hendrikx via dovecot

Hi,

A bit late to the party, but I just ran into some docs that say that 
protonmail has a sieve extension that supports this: 
https://proton.me/support/sieve-advanced-custom-filters#managing-expiration. 
I'm not finding any source code though...


Kind regards,

Tom

On 25-02-2024 17:14, Aki Tuomi via dovecot wrote:

Hi!
  
You could return from userdb namespace/foo/mailbox/bar/autoexpunge=15d
  
to set per-user per-mailbox retention policies.
  
Aki

  On 25/02/2024 10:38 EET Rupert Gallagher via dovecot wrote:

   Things like this should be done locally on the Mailclient (MUA), IMHO.

  If you are a company, then you must delete old e-mails automatically, by GDPR law.

   Original Message 

  On Feb 21, 2024, 23:25, Steven Varco <dovecot@bbs.varco.ch> wrote:

   On 21.02.2024 at 21:25, Peter Reinhold wrote:
   >
   > Hi
   > I have been wondering about if Dovecot has a feature that would allow users to
   > setup a rule for a given folder, that mails older than X days should be
   > deleted?
   > Or is
   > this something that would need to be done by an external script?

   Yes. It goes beyond of what I expect from an IMAP server.

   > I have looked a bit at autoexpunge, and while the basic feature looks to be
   > what I need, it doesn't seem to be configurable down to a specific folder on a
   > single user.

   Things like this should be done locally on the Mailclient (MUA), IMHO.

   Steven
   --
   https://steven.varco.ch/
   https://www.tech-island.com/


Re: A bug and a misleading description

2024-01-01 Thread Tom Hendrikx via dovecot



On 01-01-2024 13:53, David Van Edwards wrote:

1. I have just tried deleting Sent messages and when I put the search string 
1:200 in only one message was deleted. And when I put in 1:500 again only one 
message was deleted. In both cases a green message box came up saying the 
operation was successful.

2. I successfully deleted 1000 messages from my Inbox using the search string 
1:1000 but it was not clear to me that this would delete the 1000 most RECENT 
emails, not as I imagined the FIRST 1000 emails counting from the beginning. Is 
that the case? It certainly seems to have been the result and it’s rather 
upsetting.

Should your documentation make it clear whether 1:1000 is counting forwards or 
backwards?



Hi David,

Dovecot is a server application, it doesn't display a 'green message 
box' or something like that. This is probably your mail client 
acknowledging that it did what you asked from it. That might not 
necessarily be the same as you expected it to do: I've never seen a mail 
client that allows you to send an IMAP DELETE command with a 1:200 range 
from the GUI.


Maybe you should describe in detail:

- What mail client you are using to perform tests, and how you executed them.
- On which documentation you based your search strings.
- What version of Dovecot you are using, and maybe the output of 'doveconf -n'
- What Dovecot logged when you performed your tests.

When logging is unclear or sparse, maybe enable mail_debug before you 
start the test to get more detail. See 
https://doc.dovecot.org/admin_manual/debugging/mail_debugging/


Probably I don't know the answer to your questions, but giving explicit 
information might help others to help you :)


Kind regards,
Tom


Re: dovecot username with domain

2023-09-23 Thread Tom Hendrikx via dovecot

On 19-09-2023 22:36, Dave McGuire wrote:

On 9/19/23 16:34, Michael Grant wrote:


Thanks, I was hoping for something less complicated.  I found
   auth_username_format %n
which drops the domain if supplied.  Unfortunately my imap username
isn't 'mgrant'.  Probably i could make this work if there was no other
way.  This forces me to have my IMAP password the same as my unix
password.

I probably should move to virtual users for everyone on my box but
that's not so easy.  I was hoping there was some way i could translate
individual users which would make this transition easier.


You could have virtual users with any username (matching the required 
format for 'New Outlook') and password in an SQL passdb + userdb, and a 
second backend for the system users (PAM probably) as a fallback.


The docs describe this precise scenario at: 
https://doc.dovecot.org/configuration_manual/authentication/multiple_authentication_databases/



Regards,
Tom


Re: dovecot username with domain

2023-09-19 Thread Tom Hendrikx via dovecot

On 19-09-2023 22:36, Dave McGuire wrote:

On 9/19/23 16:34, Michael Grant wrote:


Thanks, I was hoping for something less complicated.  I found
   auth_username_format %n
which drops the domain if supplied.  Unfortunately my imap username
isn't 'mgrant'.  Probably i could make this work if there was no other
way.  This forces me to have my IMAP password the same as my unix
password.

I probably should move to virtual users for everyone on my box but
that's not so easy.  I was hoping there was some way i could translate
individual users which would make this transition easier.


You could have virtual users with any username (matching the required 
format for 'New Outlook') and password in an SQL passdb + userdb, and a 
second backend for the system users (PAM probably) as a fallback.


The docs describe this precise scenario at: 
https://doc.dovecot.org/configuration_manual/authentication/multiple_authentication_databases/



Regards,
Tom


Documentation issue: incorrect link

2023-05-05 Thread Tom Hendrikx via dovecot

Hello,

In the second paragraph at 
https://doc.dovecot.org/configuration_manual/sieve/extensions/duplicate/, 
a link is included to RFC7353, but this RFC is not related to sieve at 
all. I think the correct RFC to link is RFC7352, like in the first 
paragraph.


Kind regards,
Tom


Re: dovecot sasl with postfix, smtp auth not available

2023-04-23 Thread Tom Hendrikx via dovecot

Hi,

There is also a feature in postfix where AUTH is only advertised over 
TLS (i.e. port 465, or port 25/587 after STARTTLS).


https://www.postfix.org/postconf.5.html#smtpd_tls_auth_only

On 23-04-2023 14:41, Badli Al Rashid wrote:

 > logs
No logs as I have to redo a new setup.

 > bound to fail
I was only trying to check if the smtp-auth is advertised by doing ehlo.

 > where is this change ?
My client ip was listed in sorbs.net. I could not connect to the smtp 
server.


 > how do you know its postfix ?
Because i did an apt install postfix on the node. dovecot is on the same 
node.


Regards,
-badli


*From:* Benny Pedersen 
*Sent:* Sunday, April 23, 2023, 20:22
*To:* dovecot@dovecot.org 
*Subject:* Re: dovecot sasl with postfix, smtp auth not available

Badli Al Rashid wrote on 2023-04-23 13:06:


My apologies, i am not using dovecot for submission server using
postfix with dovecot-sasl.


then post doveconf -n that shows it


I was not able to authenticate if I use a webmail when testing using
username to authenticate with smtp connection it fails.


logs


I could authenticate normally using port 465 / 587 but it is blocked at
the moment.


where is this change ?


When checking there was no smtp-auth on the smtp listed. I tried to
enable it on postfix
smtp_sasl_auth_enable, but it was not advertised.

# telnet 127.0.0.1 25


bound to fail


Should the smtp be advertised with smtp-auth when dovecot-sasl is
enabled on the postfix ?


how do you know its postfix ?

to help more it's essential to know which part is failing

random questions gives random answers



Re: Thousands of SSL certificates stalls new logins during reload - problem with Dovecot config process

2022-09-03 Thread Tom Hendrikx

Hi,

Isn't the easiest way to solve this to reconfigure the SSL cert update 
process to reload dovecot only once a day? It isn't that an update to an 
SSL cert should be imminent: normally you can take your time and plan 
carefully. This situation seems to me something like using the default 
scripting that comes with standard small-scale LE certificates, which is 
simply not suitable for the big-scaled setup of the OP.


Only adding new certs/domains could be something that needs to be done 
directly, depending on the business case of the OP.


Kind regards,
Tom

On 02-09-2022 22:45, John Stoffel wrote:

"Bartosz" == Bartosz Kwitniewski  writes:



Out of other services on that machine that are able to handle such
number of certificates during reloads:
- proftpd loads configs dynamically based on SNI domain
- exim loads certificates dynamically based on SNI domain
- LiteSpeed switches to a new process after loading whole configuration


Are you running all these services on one machine?  Maybe you could
get an SSL termination device which terminates the SSL connections and
then forwards them into the proper backend application?  This way only
one system needs to be managed for certs, and only one (or two since I
assume you have an HA pair :-) needs to then reload when new certs are
inserted.

If you could hack the proftpd cert code into dovecot, that might also
be a way around it.  I haven't a clue how this works since I haven't
looked at either code base.  It won't be simple, but I'm sure others
would appreciate it.

If it's critical, paying for the feature to be added is another
option.



Best regards,
--
Bartosz Kwitniewski



On 02/09/2022 14:52, Felipe Gasper wrote:

For hosting environments--where TLS certs can change hundreds of times in a 
matter of minutes--it would be a boon for Dovecot to load those certificates 
dynamically rather than all at once.

Pure-FTPd implements a nice solution to this: a standalone service that fetches TLS 
certificates & keys. Documented here:

https://github.com/jedisct1/pure-ftpd/blob/9d25440e5b5283fbeca94dd0595aa6672c3f8428/README.TLS#L161

-FG



On Sep 2, 2022, at 08:44, Bartosz Kwitniewski  wrote:

Hello,

I'm running a dovecot 2.3.19.1 server that has around 6000 SSL certificates in 
separate config files, each containing:
local_name "domain" {
ssl_cert = ...
ssl_key = ...
}
When new certificate is added, dovecot is reloaded (around 20 times a day). 
When dovecot is being reloaded, users are unable to log in for around 30 
seconds.

The main problem here seems to be that during reload, new config process is 
immediately designated as the one serving config requests and then it starts 
parsing config files, which takes around 20-30 seconds. If it would parse 
config files first, and only then would become a new process for serving config 
requests, then it would probably solve the problem. Or perhaps there is a 
better way to load new certificates or a way to optimize?

There is another problem with config process and shutdown_clients=no. We do not 
want to disconnect users during reload, because e.g. Thunderbird displays a 
popup that server is shutting down. When there are long lasting IMAP 
connections from Google and other services that aggregate e-mail, old config 
process is not being killed. Because config process with ~6000 certificates is 
using ~1 GB of RAM, it can quickly rise to 20 GB of memory used. This is not a 
big issue however, because we have created a task that kills old processes, but 
there could be a built-in mechanism to solve that problem.

I have created minimal configuration and scripts to recreate problem. 
Reproduction steps below.

(...)


Re: Duplicate plugins - FTS Xapian

2021-08-31 Thread Tom Hendrikx




On 31-08-2021 12:01, Aki Tuomi wrote:



On 31/08/2021 10:56 Felix Zielcke  wrote:

  
On Tuesday, 31.08.2021 at 10:33 +0300, Aki Tuomi wrote:



On 31/08/2021 00:11 Joan Moreau  wrote:


Hi
There seem to be 2 plugins doing the same thing
- https://github.com/slusarz/dovecot-fts-flatcurve/
- https://github.com/grosjo/fts-xapian/ (mine)
Both are in the doc of dovecot
https://doc.dovecot.org/configuration_manual/fts/

I am currently working hard to push it to RPM package, and plugin
is already approved by ArchLinux and Debian

Isn't there double work here ?
Thanks
JM


If you look closer, you can see they are not exactly duplicates.
Flatcurve works differently than your plugin.

Aki


Is there somewhere a direct comparison of them?
I currently use fts-xapian from Joan without problems.
But what would be the advantages of fts-flatcurve over fts-xapian?


fts_flatcurve does only full word searching, although you can use fts_filters 
and fts_tokenizers settings to affect stemming and other matching to make it 
work with plurals and such.

Both plugins have their merits.


I still think it's weird to see that Open-Xchange starts a FTS Xapian 
plugin with mostly the same basic functionality that is already 
available in an existing plugin maintained by someone in the community. 
Especially if that happens without any (apparent) communication with the 
existing plugin developer to find out whether fixing the issues that 
slusarz/Open-Xchange seem to have with the existing plugin, can be fixed.


Combining forces just seems a better way to spend scarce development 
resources than building something similar (but different) without any 
communication.


(Note: I don't use any of these plugins).

My 2 cents,

Tom


Re: Ability to reject invalid client certificate at TLS handshake time

2021-05-01 Thread Tom Hendrikx

Hi,

Client certificate authentication simply replaces username/password 
authentication within the IMAP protocol. Before starting authentication, 
the client still needs to talk to the server, and the server still needs 
to announce that it is ready to accept your certificate.


On this website you'll find a nice picture of the global auth flow:
https://comodosslstore.com/blog/what-is-ssl-tls-client-authentication-how-does-it-work.html

Wouldn't it be much easier to just change the  banner to something less 
obvious than the default? Unauthenticated connections will still be able 
to see you have an IMAP server, but the fact that you're using Dovecot 
might be invisible. Switching to a non-standard port might also help to 
mislead network scanners.


However IMHO the fact that you're running a public network service will 
never change due to the fact that Dovecot is simply that: a public 
network service. Your focus should be on useful protection based on the 
assumption that an external attacker already knows that your server is 
there, not on trying to hide it.


Kind regards,
Tom

On 01-05-2021 14:04, Gert van Dijk wrote:

Hi,

After a bit of struggling I've been able to set up TLS client
certificate authentication with Dovecot for both IMAP and Submission.
Users are required to present a valid certificate, cool so far!

What I noticed however on non-StartTLS listeners IMAPS (993) and SMTPS
(465), is that during the TLS handshake presenting a valid client
certificate is seemingly optional and is only checked later at time of
protocol-level login (external auth in my case). I'd like to change
that for security purposes and also a bit of obscurity. Not having the
ability to interact with Dovecot on protocol level lowers the attack
vector as well as the ease of checking my network security. Also, it
would prevent (anonymous) network scanners to easily detect what kind
of service is running on the port as they can see the IMAP/SMTP banner
without presenting a valid TLS client certificate currently.

Is it possible in any version of Dovecot to configure it to set up a
TLS server listening context that requires a handshake with a valid
client certificate?

I'm using Dovecot 2.3.4.1 (actual Debian Buster version
2.3.4.1-5+deb10u6), but willing to upgrade to any newer version when
this is offered. Going through some newer revisions changelog this
seems not the case, so I didn't spend time on upgrading yet.

Relevant config snippets for IMAP authenticating proxy that I use
(something similar for Submission):

# Opens 143 on StartTLS and 993 in wrapped TLS-only mode.
# Only 993 is exposed to the internet.
protocols = imap
passdb {
  driver = static
  args = proxy=y host=10.1.2.3 port=1143 pass=masterpass nopassword=y
}
auth_username_format = %n
ssl = required
ssl_cert = 

Re: Processing incoming mail efficiently

2021-01-30 Thread Tom Hendrikx




On 30-01-2021 19:11, Ron Garret wrote:

Sorry, I left out a few details.

The filter actually has two parts, one of which is on the MTA side (a milter).  
That part does things like keep track of outgoing mail from authorized users so 
that it knows when an incoming message has a subject line that a user has sent 
out or is from a sender that a user has previously sent a message to.  Those 
are two very reliable ham signals.

The reason there is also a filter on the LDA side is that one of the filtering 
strategies I’m using is looking for two messages from two different previously 
unknown senders with the same subject received within a few minutes of each 
other.  This turns out to be a very reliable spam signal.  But it requires that 
messages with unknown provenance to be held in temporary storage for a while to 
see if another matching message comes in.  That message then needs to be 
processed as spam after the fact.



If you don't want to deliver the message to the inbox of the sender, you 
should just do that: don't deliver it. Put it in some quarantine, and 
when you're sure you want it to end up in the mailbox of the user, pick 
up the message from quarantine and put it back in the mail queue, and 
have it delivered using the normal delivery route.


How you set up the quarantine is up to you. This could be a simple 
mailbox, which is reprocessed using a sieve filter (as you suggested). 
The most logical routine would then be to consume the message by the 
sieve filter, and then re-inject it in the mail delivery queue. But 
there are probably better solutions.


I suggest that you look into existing OSS quarantine solutions and learn 
from them, amavis or rspamd come to mind. IMHO you're still trying to 
re-invent the wheel :)


Kind regards,
Tom


rg

On Jan 30, 2021, at 9:56 AM, Tom Hendrikx  wrote:




On 30-01-2021 17:49, Ron Garret wrote:

I’ve asked a related question on this list before but I now have a much better 
handle on what I’m doing and I realize that I still don’t know the answer, so 
I’m going to ask this again in a slightly different form.
I’m writing a spam filter, so obviously I need to feed incoming mail to it 
somehow.  The “obvious” way to do this is with a sieve script using the pipe 
extension.  There are two problems with this:
1.  This will always pipe the entire file no matter how big it is.  The filter 
will often not need to process the body of the message, only the headers, or 
only the first part of a multipart MIME message.  Is there any way to allow my 
filter to open the file in which the message is stored rather than piping it a 
copy of the message?
2.  Once the filter has processed the message and decided if it’s spam it still 
needs to move the message to the appropriate folder (INBOX or Junk).  To do 
this it needs to somehow correlate the *content* of the message that was piped 
to it with the UID of the message that needs to be moved.  One way to do this 
is to pull out the message-id header and then use doveadm to find the file 
containing the message with that message-id, but there are two problems with 
this.  First, not all messages have message-ids.  I can work around this by 
adding my own message-id to messages that don’t already have them, but this 
just feel wrong.  And second, unless dovecot keeps an index of message-ids 
(does it?) then this will be horribly inefficient because it will have to 
essentially grep for the message id every time I want to move a message.  So it 
seems like there has to be a better way, but I can’t think of what that would 
be.


Normally the flow is a bit different:

You configure the spam/content filter in your MTA (for instance SMTP-proxy, 
pre-queue, milter or post-queue content filter). The main benefit of doing this 
type of work in the MTA is that you have the ability to reject blatant spam 
messages during the SMTP stage. This means that you don't have to store the 
spam at all, you simply tell the sending server that you don't want to accept 
the message, and the sending server will have to deal with that decision (f.i. 
by sending a non-delivery notice to the sender).

The spam filter will add headers to the incoming message. If you decide to 
accept it, you can configure Sieve to deliver the message to the Inbox or the 
Junk folder. A nice implementation is 
https://doc.dovecot.org/configuration_manual/sieve/extensions/spamtest_virustest/,
 but you can of course wrangle your own sieve recipes.

Spam scanning during the delivery phase (f.i. with a sieve filter) is less 
common because it has a few downsides.

So to answer your questions:

1. Your content filter can be a spam filter, but it might also be an antivirus 
scanner. The latter is of course very interested in the complete e-mail 
including all attachments. So most setups try to send the complete message. 
There are also implementations that ignore messages with a size above a certain 
threshold, or others which just ignore the data after

Re: Processing incoming mail efficiently

2021-01-30 Thread Tom Hendrikx




On 30-01-2021 17:49, Ron Garret wrote:

I’ve asked a related question on this list before but I now have a much better 
handle on what I’m doing and I realize that I still don’t know the answer, so 
I’m going to ask this again in a slightly different form.

I’m writing a spam filter, so obviously I need to feed incoming mail to it 
somehow.  The “obvious” way to do this is with a sieve script using the pipe 
extension.  There are two problems with this:

1.  This will always pipe the entire file no matter how big it is.  The filter 
will often not need to process the body of the message, only the headers, or 
only the first part of a multipart MIME message.  Is there any way to allow my 
filter to open the file in which the message is stored rather than piping it a 
copy of the message?

2.  Once the filter has processed the message and decided if it’s spam it still 
needs to move the message to the appropriate folder (INBOX or Junk).  To do 
this it needs to somehow correlate the *content* of the message that was piped 
to it with the UID of the message that needs to be moved.  One way to do this 
is to pull out the message-id header and then use doveadm to find the file 
containing the message with that message-id, but there are two problems with 
this.  First, not all messages have message-ids.  I can work around this by 
adding my own message-id to messages that don’t already have them, but this 
just feel wrong.  And second, unless dovecot keeps an index of message-ids 
(does it?) then this will be horribly inefficient because it will have to 
essentially grep for the message id every time I want to move a message.  So it 
seems like there has to be a better way, but I can’t think of what that would 
be.


Normally the flow is a bit different:

You configure the spam/content filter in your MTA (for instance 
SMTP-proxy, pre-queue, milter or post-queue content filter). The main 
benefit of doing this type of work in the MTA is that you have the 
ability to reject blatant spam messages during the SMTP stage. This 
means that you don't have to store the spam at all, you simply tell the 
sending server that you don't want to accept the message, and the 
sending server will have to deal with that decision (f.i. by sending a 
non-delivery notice to the sender).


The spam filter will add headers to the incoming message. If you decide 
to accept it, you can configure Sieve to deliver the message to the 
Inbox or the Junk folder. A nice implementation is 
https://doc.dovecot.org/configuration_manual/sieve/extensions/spamtest_virustest/, 
but you can of course wrangle your own sieve recipes.


Spam scanning during the delivery phase (f.i. with a sieve filter) is 
less common because it has a few downsides.


So to answer your questions:

1. Your content filter can be a spam filter, but it might also be an 
antivirus scanner. The latter is of course very interested in the 
complete e-mail including all attachments. So most setups try to send 
the complete message. There are also implementations that ignore 
messages with a size above a certain threshold, or others which just 
ignore the data after a certain threshold. What filter are you trying to 
implement? Something off the shelf, or a homebrewn one? Why is it so 
hard to consume the whole message? Please explain :)


2. The normal flow is a bit different (as described above), but in 
general: the spam filter decides. Some (existing) filters take the whole 
message from the MTA, add headers and re-inject the message again.
Other filters use a mechanism (f.i. milter protocol) which allows them 
to consume only a part of the message, and in response they instruct the 
MTA to add the result headers. This means that the filters must support 
the protocol to the MTA, but it doesn't have to take care of 
re-delivering the message.


We need to know about the actual problem you're trying to solve. It 
sounds a lot like you're trying to reinvent things that have been solved 
many times before. Please give a broader explanation of your specific 
problem and we can give you better advice :)


Kind regards,

Tom


Re: Fail2ban and login_trusted_networks

2020-12-21 Thread Tom Hendrikx

Hi,

Ideally the webmail has its own logfile, where it also emits error 
messages containing the ip-address of the failed login attempt. This 
could be as simple as a HTTP 401 error in the nginx/apache logfile on 
the webmail domain. You can then instruct fail2ban to read that logfile 
and disallow access to the webmail for the ip address.


In the end, the attempts try to access the webmail, and not the IMAP 
server directly. So it's better to block access to the webmail/web server.


Kind regards,
Tom

On 21-12-2020 11:16, Javi Legido wrote:

Hi there.

First of all many thanks to all the people involved in this project for 
their time, I really appreciate it.


Second my use case:

a) Container running Webmail (roundcube) with dovecot-ident plugin 
enabled.
b) Container running Dovecot 2.3.4.1 (docker-mailserver-mysql) with 
fail2ban enabled


Since I need to add the private IP address of the webmail to 
"login_trusted_networks" to "...allow to override their IP addresses and 
ports" I can keep logging in to webmail even if the IP is blocked.


Question: is there any way to:

a) Allow a certain IP range to override its IP address and ports (as in 
"login_trusted_networks") but

b) Be blocked, as any other incoming connections, by fail2ban?

More context. Once the public IP is banned (8.8.8.8 in this example):

```
2020-12-21 10:10:31,371 fail2ban.filter         [309]: INFO    [dovecot] Found 8.8.8.8 - 2020-12-21 10:10:31
2020-12-21 10:10:39,189 fail2ban.filter         [309]: INFO    [dovecot] Found 8.8.8.8 - 2020-12-21 10:10:39
2020-12-21 10:10:51,222 fail2ban.filter         [309]: INFO    [dovecot] Found 8.8.8.8 - 2020-12-21 10:10:51
2020-12-21 10:10:52,008 fail2ban.actions        [309]: NOTICE  [dovecot] Ban 8.8.8.8
```

I can't reach dovecot by telnet from this public IP:

```
telnet mail.example.com  143
Trying 9.9.9...
telnet: Unable to connect to remote host: Connection refused
```

Unless I removed the ban:

```
docker exec mail fail2ban-client set dovecot unbanip 8.8.8.8
```

Many thanks.

Javier
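
An added example (not part of the original thread, and not fail2ban's own code) of the detection logic suggested in the reply at the top of this message: count failed webmail logins per client address in the web server's access log, where the real client IP is visible. The nginx "combined" log layout, the Roundcube login path `/?_task=login`, the 401 status on a failed login, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import timedelta, datetime

# nginx/apache "combined" format: ip ident user [time] "METHOD path proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

LOGIN_PATH_PREFIX = "/?_task=login"  # assumption: Roundcube login endpoint


def parse(line):
    """Return (ip, timestamp, method, path, status) or None for unparsable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"], int(m["status"])


def find_bans(lines, maxretry=3, findtime=timedelta(minutes=10)):
    """Mimic a fail2ban jail: ban an IP once it produces `maxretry` failed
    logins within `findtime`. Returns {ip: time the threshold was reached}."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    bans = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue              # malformed line: ignore, never crash the watcher
        ip, ts, method, path, status = rec
        if ip in bans:
            continue              # already banned
        if method != "POST" or status != 401 or not path.startswith(LOGIN_PATH_PREFIX):
            continue              # only failed login submissions count
        window = recent[ip]
        window.append(ts)
        while window and ts - window[0] > findtime:
            window.popleft()      # drop failures that fell out of the window
        if len(window) >= maxretry:
            bans[ip] = ts
    return bans


# Constructed sample log (documentation address ranges, chronological order).
SAMPLE_LOG = [
    '192.0.2.44 - - [21/Dec/2020:09:00:00 +0000] "POST /?_task=login HTTP/1.1" 401 612 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [21/Dec/2020:09:15:00 +0000] "POST /?_task=login HTTP/1.1" 401 612 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [21/Dec/2020:09:30:00 +0000] "POST /?_task=login HTTP/1.1" 401 612 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [21/Dec/2020:10:10:31 +0000] "POST /?_task=login HTTP/1.1" 401 612 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [21/Dec/2020:10:10:33 +0000] "POST /?_task=login HTTP/1.1" 401 612 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [21/Dec/2020:10:10:39 +0000] "POST /?_task=login HTTP/1.1" 401 612 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [21/Dec/2020:10:10:40 +0000] "POST /?_task=login HTTP/1.1" 401 612 "-" "Mozilla/5.0"',
    'this line is not in combined log format',
    '198.51.100.9 - - [21/Dec/2020:10:10:45 +0000] "POST /?_task=login HTTP/1.1" 302 5 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [21/Dec/2020:10:10:51 +0000] "POST /?_task=login HTTP/1.1" 401 612 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [21/Dec/2020:10:10:55 +0000] "POST /?_task=login HTTP/1.1" 401 612 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [21/Dec/2020:10:11:00 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} (threshold reached at {when.isoformat()})")
```

The ban itself would then be applied at the web server or its firewall port, not on the IMAP port, which is why the trusted-network setting for the webmail container does not get in the way.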


Re: DKIM fail if WHM adds Message-ID, should be Message-Id

2020-10-12 Thread Tom Hendrikx

On 12-10-2020 10:16, Robert Martin wrote:


I created a client library to send emails for a webapp.

After connecting to the SMTP server with credential setup in CPANEL, 
and then do NOT add Message-Id header, the DKIM signature 'h' record 
created by dovecot/WHM is wrong, and a Message-ID (with a capital D) 
header is added, invalidating the generated DKIM signature value.


This causes outlook, yahoo, gmail and other email recipients to add 
'dkim:fail' to the message, and thus relegate it to junk or spam.


The workaround is to add to the message a Message-Id with a little 
‘d’ header.  Then the SMTP server processes the email with the correct 
generated DKIM, correct DKIM ‘h’ record and does not add a Message-ID 
header.


My SMTP hosting providers that run the WHM/dovecot/CPANEL software are 
refusing to raise this as a bug and have requested that I do it.



Hi Robert,

Dovecot does not add DKIM headers, Dovecot doesn't even send email. 
Aside from that:


- The RFC states that "Message-ID" is the actual spelling: 
https://tools.ietf.org/html/rfc5322#section-3.6.4


- The DKIM signer implementation in CPANEL/WHM seems to do the right 
thing: It adds a Message-ID header if it's missing, and creates a DKIM 
signature. It seems unlikely that the CPANEL/WHM DKIM implementation 
generates invalid DKIM signatures for all Message-ID headers it 
generates, as lots of people would have issues with that.


It's unclear from your initial message what's wrong with the generated 
DKIM signature, and it's also unclear where the "Message-Id" header 
(with lowercase 'd') comes from. Could you please explain? Can you show 
full headers for a message with the broken DKIM and all the relevant 
headers?


Kind regards,

Tom
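
An added example, not from the thread and not taken from any DKIM implementation, of how the header part of a DKIM signature reacts to the kinds of header change discussed above under RFC 6376's "simple" and "relaxed" header canonicalizations. The message, addresses and `h=` list are constructed; the sketch hashes only the fields named in `h=`, whereas a real signer also covers the DKIM-Signature field itself and signs the resulting hash.

```python
import hashlib
import re


def field_name(raw):
    return raw.split(":", 1)[0].strip()


def canon_simple(raw):
    # "simple": the header field is used byte for byte, including name case.
    return raw


def canon_relaxed(raw):
    # "relaxed": lowercase the name, unfold, collapse whitespace runs,
    # strip whitespace around the value (RFC 6376 section 3.4.2).
    name, value = raw.split(":", 1)
    value = re.sub(r"\r\n(?=[ \t])", "", value)
    value = re.sub(r"[ \t]+", " ", value)
    value = value.rstrip("\r\n").strip(" ")
    return f"{name.strip().lower()}:{value}\r\n"


def select_signed(headers, h_tag):
    """Pick the fields named in h=, matching names case-insensitively and
    taking the last unused instance first. A name with no matching field
    contributes nothing (it is signed as the null string)."""
    remaining = list(headers)
    picked = []
    for wanted in (n.strip().lower() for n in h_tag.split(":")):
        for i in range(len(remaining) - 1, -1, -1):
            if field_name(remaining[i]).lower() == wanted:
                picked.append(remaining.pop(i))
                break
    return picked


def header_digest(headers, h_tag, canon):
    data = "".join(canon(h) for h in select_signed(headers, h_tag))
    return hashlib.sha256(data.encode("ascii")).hexdigest()


def survives(before, after, h_tag):
    """For each canonicalization: does the digest computed over `before`
    (at signing time) still match the one computed over `after`?"""
    return {
        name: header_digest(before, h_tag, canon) == header_digest(after, h_tag, canon)
        for name, canon in (("simple", canon_simple), ("relaxed", canon_relaxed))
    }


# Constructed sample message headers.
H_TAG = "From:To:Subject:Message-ID"
BASE = [
    "From: app@example.com\r\n",
    "To: user@example.org\r\n",
    "Subject: Order  confirmation\r\n",
]
WITH_LOWER_D = BASE + ["Message-Id: <1234@example.com>\r\n"]
WITH_UPPER_D = BASE + ["Message-ID: <1234@example.com>\r\n"]

if __name__ == "__main__":
    # Field present when signed, only its name case changes afterwards.
    print("renamed after signing:", survives(WITH_LOWER_D, WITH_UPPER_D, H_TAG))
    # Field named in h= but absent when signed, then added afterwards.
    print("added after signing:  ", survives(BASE, WITH_UPPER_D, H_TAG))
```

Comparing the `h=` and `c=` tags of a failing DKIM-Signature header with the headers as received shows which of these cases, if any, applies to a given message.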



Re: [Sieve] Multiple email recipients, how?

2019-11-24 Thread Tom Hendrikx via dovecot




On 23-11-19 18:40, Ralph Seichter via dovecot wrote:

* Tom Hendrikx via dovecot:


There are nice tricks you can do with virtual alias maps and pcre
within postfix to split email to specific user accounts, which could
also accommodate other alias schemes than standard subaddressing (such
as yours).


Postfix supports sub-addressing out of the box, simply by setting the
"recipient_delimiter" configuration parameter[1].

-Ralph

[1] http://www.postfix.org/postconf.5.html#recipient_delimiter

Standard subaddressing is not able to support the addressing scheme the 
OP has in place. But there are other ways, such as pcre alias maps, that 
will solve his problem a lot easier than Sieve address parsing, without 
discarding the existing (albeit peculiar) subaddressing scheme. I just 
wanted to make sure that the OP was aware of this.


Kind regards,
Tom


Re: [Sieve] Multiple email recipients, how?

2019-11-23 Thread Tom Hendrikx via dovecot




On 22-11-19 22:48, Ralph Seichter via dovecot wrote:

* Robert via dovecot:


We use a simple system for routing emails to different email users by
postfixing the addresses with the actual user: xxxJohn@domain;
yyyJohn@domain etc all will be delivered to user John.
(This way John can invent a new email address on-the-fly and that will
be delivered to his email box.)


This seems like a strange way to achieve flexible email addresses. Are you
aware of sub-addressing? It has been around for ages, and is supported
by Dovecot (and Gmail, incidentally).

Imagine an existing email account . If alice wants to
use a subaddress, she signs up with , and Dovecot
can automatically place incoming mail for that address into INBOX/foo
(or just INBOX if INBOX/foo does not exist). Alice can use as many
sub-addresses as she needs without anybody making config changes.

Frankly, the Sieve-based approach you describe seems pretty complicated
in comparison.



From the OP it seems that they separate mail for different users not at 
the MTA level, but at the user level using sieve. That seems very 
inefficient to me.


There are nice tricks you can do with virtual alias maps and pcre within 
postfix to split email to specific user accounts, which could also 
accommodate other alias schemes than standard subaddressing (such as yours).


Kind regards,
Tom


Re: Global duplicate filtering via Sieve

2018-09-06 Thread Tom Hendrikx
On 05-09-18 13:53, Hanno Stock wrote:
> Hi everybody,
> 
> I have the following problem:
> 
> Our mail users are receiving mails from externally defined mail
> forwardings and lists which sometimes leads to duplicate messages. As
> far as I understand, a single user can use the Sieve duplicate extension
> for filtering out such duplicate messages.
> 
> Would it be feasible to add a script with sieve_before that does this
> for all users?
> 
> Do scripts that run from sieve_before store persistent data also on a
> per-user basis, i.e. in the user's home dir?

sieve_before is a global parameter to define a script that is run for
all users. It still runs in the context of a user (or more correctly: in
the context of a mailbox).

If you want to enable deduplication of messages within the context of a
single mailbox for all your users, then sieve_before is a good way to
achieve this.

> 
> Thanks for your help!
> 
> Best regards
> 
> Hanno
> 






Re: Dovecot pop3d and imapd problem

2018-07-23 Thread Tom Hendrikx
Hi,

The OS packages you mention went missing. So it would be the most logical
step to find a support forum (mailing list, web forum, bug tracker) for
your OS, and post this question there. In general, people can help you
find out what happened with those packages, and when they were
uninstalled. You are talking about dpkg and apt, so a debian mailing
list or a forum like askubuntu.com might be the best way to go.


Kind regards,

Tom

On 23-07-18 09:30, John Paul Iglesia wrote:
> Then how this happened. Can you give me some pointers on how to trace
> this problem?
> 
> Please advise.
> 
> Thanks,
> 
> paul.tcbc
> 
> 
> On 07/23/2018 02:28 PM, Steffen Kaiser wrote:
> On Mon, 23 Jul 2018, John Paul Iglesia wrote:
> 
 Recently, i had issues on dovecot. All packages of dovecot were
 installed on my system then suddenly when I checked yesterday the
 packages for dovecot-pop3d and dovecot-imapd were no longer on the
 list of app installed.

 Because of this dovecot service stop running. I checked the apt
 history log, term log and even dpkg log, there were no information
 about removing the packages. It just shown on my apt list the
 packages were not longer there.

 I had to reinstalled these 2 packages just to make dovecot run and
 for me to be able to receive and send messages.


 What do you think is the problem, is it dovecot bug?
> 
> Dovecot does not entangle itself with the package management of the
> system. So: No, it's no Dovecot bug.
> 
> -- Steffen Kaiser
> 


Re: doveconf -n not showing all changes

2017-12-29 Thread Tom Hendrikx

Hi,

You could argue that doveconf trying to read a file to which it has no
access, could yield a warning in the output along the same lines as
invalid configuration lines. I don't know if it does that?

Regards,
Tom

On 28-12-17 16:38, Marc Weustink wrote:
> Sorry for the noise, local.conf wasn't readable by a normal user, so it
> wasn't tried (!include vs !include_try)
> 
> Marc
> 
> 
> 
> Marc Weustink wrote:
>> Hi,
>>
>> Today I was testing the last dovecot release 2.3 from the dovecot repo
>> on ubuntu 16.04. (I upgraded from 2.2.23)
>> I cannot recall if I noticed it before, but doveconf -n not showing
>> all changes.
>>
>>
>> To be able to track my changes, I don't touch the config files
>> provided in conf.d/ anymore, but I write them in local.conf (I did in
>> the past so doveconf -n still shows something)
>>
>> I was testing the new submission service so I added to local.conf:
>>
>>
>> protocols = imap pop3 lmtp sieve submission
>> service submission-login {
>>    inet_listener submission {
>>  # test
>>  port = 588
>>    }
>> }
>> submission_relay_host = 127.0.0.1
>>
>>
>> after restarting dovecot, submission works, mails get relayed. However
>> doveconf -n shows:
>>
>> protocols = imap pop3 lmtp sieve
>>
>>
>> This is very confusing.
>>
>> Marc
> 


Re: Log rotation and combining...

2017-11-18 Thread Tom Hendrikx
Hi,

Do you have selinux activated? Maybe the context for logrotate does not
allow accessing files under /home, and the root cli is not troubled by
such a limitation? Why are you storing log files under /home anyway?

Note: I don't use any OS with selinux, so can't really help with fixing
this issue.

Regards,
Tom

On 17-11-17 22:42, SH Development wrote:
> So, the question is, why can I rotate the log manually, but cron returns a 
> permission error?  Do I need to tell cron to run it as sudo or something like 
> that?
> 
> Ethon
> 
>> On Nov 17, 2017, at 2:29 AM, Tom Hendrikx <t...@whyscream.net> wrote:
>>
>> Hi,
>>
>>
>> Your crontab should normally mail you error output. But you can also run
>> the logrotate command manually, in verbose mode.
>>
>>
>> Kind regards,
>>  Tom
>>
>> On 17-11-17 03:35, SH Development wrote:
>>> That doesn’t seem to work either.  Where do I find logs for log rotation to 
>>> see the reason it failed?
>>>
>>> Ethon
>>>
>>>
>>>
>>>> On Nov 16, 2017, at 7:53 PM, Bill Shirley <b...@knoxvillechristian.org> wrote:
>>>>
>>>> I believe you need a 'create' statement to set the permissions. Here
>>>> is an example for mariadb:
>>>> /var/log/mariadb/general.log
>>>> /var/log/mariadb/slow_query.log
>>>> /var/log/mariadb/error.log
>>>> /var/log/mariadb/mariadb.log {
>>>>     create 640 mysql mysql
>>>>     daily
>>>>     minsize 30M
>>>>     notifempty
>>>>     rotate 3
>>>>     missingok
>>>>     compress
>>>>     sharedscripts
>>>>     postrotate
>>>> #   # just if mysqld is really running
>>>>         if test -x /usr/bin/mysqladmin && \
>>>>             /usr/bin/mysqladmin ping &>/dev/null
>>>>         then
>>>>             /usr/bin/mysqladmin flush-logs
>>>>         fi
>>>>     endscript
>>>> }
>>>>
>>>> Bill
>>>>
>>>>
>>>> On 11/16/2017 4:27 AM, SH Development wrote:
>>>>> I have recently noticed that my dovecot-deliver.log is huge and wanted to 
>>>>> start rotating it.  So a couple of questions:
>>>>>
>>>>> 1. Can the dovecot-deliver.log be combined with the maillog, that gets 
>>>>> rotated weekly?  If it can be done, is it advisable?
>>>>> Since the inception of this particular server, the log file has been 
>>>>> located in the /home/vmail directory.  Is there a reason it shouldn’t be 
>>>>> located in the /var/log directory with the maillog?
>>>>>
>>>>> 2. Separate from above, if I create a new logrotate script example as 
>>>>> follows:
>>>>>
>>>>> # dovecot SIGUSR1: Re-opens the log files.
>>>>> /home/vmail/dovecot-deliver.log {
>>>>>  missingok
>>>>>  notifempty
>>>>>  delaycompress
>>>>>  sharedscripts
>>>>>  postrotate
>>>>>    /bin/kill -USR1 `cat /var/run/dovecot/master.pid 2>/dev/null` 2> /dev/null || true
>>>>>  endscript
>>>>> }
>>>>>
>>>>> I get the following error only when cron tries to run it:
>>>>>
>>>>> /etc/cron.daily/logrotate:
>>>>> error: stat of /home/vmail/dovecot-deliver.log failed: Permission denied
>>>>>
>>>>>
>>>>> Owner on the log are vmail:vmail.  If I manually force logrotate on this 
>>>>> particular log, it works fine.
>>>>>
>>>>>
>>>>> Ethon






Re: Log rotation and combining...

2017-11-17 Thread Tom Hendrikx
Hi,


Your crontab should normally mail you error output. But you can also run
the logrotate command manually, in verbose mode.


Kind regards,
Tom

On 17-11-17 03:35, SH Development wrote:
> That doesn’t seem to work either.  Where do I find logs for log rotation to 
> see the reason it failed?
> 
> Ethon
> 
> 
> 
>> On Nov 16, 2017, at 7:53 PM, Bill Shirley wrote:
>>
>> I believe you need a 'create' statement to set the permissions. Here
>> is an example for mariadb:
>> /var/log/mariadb/general.log
>> /var/log/mariadb/slow_query.log
>> /var/log/mariadb/error.log
>> /var/log/mariadb/mariadb.log {
>>     create 640 mysql mysql
>>     daily
>>     minsize 30M
>>     notifempty
>>     rotate 3
>>     missingok
>>     compress
>>     sharedscripts
>>     postrotate
>> #   # just if mysqld is really running
>>         if test -x /usr/bin/mysqladmin && \
>>             /usr/bin/mysqladmin ping &>/dev/null
>>         then
>>             /usr/bin/mysqladmin flush-logs
>>         fi
>>     endscript
>> }
>>
>> Bill
>>
>>
>> On 11/16/2017 4:27 AM, SH Development wrote:
>>> I have recently noticed that my dovecot-deliver.log is huge and wanted to 
>>> start rotating it.  So a couple of questions:
>>>
>>> 1. Can the dovecot-deliver.log be combined with the maillog, that gets 
>>> rotated weekly?  If it can be done, is it advisable?
>>> Since the inception of this particular server, the log file has been 
>>> located in the /home/vmail directory.  Is there a reason it shouldn’t be 
>>> located in the /var/log directory with the maillog?
>>>
>>> 2. Separate from above, if I create a new logrotate script example as 
>>> follows:
>>>
>>> # dovecot SIGUSR1: Re-opens the log files.
>>> /home/vmail/dovecot-deliver.log {
>>>   missingok
>>>   notifempty
>>>   delaycompress
>>>   sharedscripts
>>>   postrotate
>>>     /bin/kill -USR1 `cat /var/run/dovecot/master.pid 2>/dev/null` 2> /dev/null || true
>>>   endscript
>>> }
>>>
>>> I get the following error only when cron tries to run it:
>>>
>>> /etc/cron.daily/logrotate:
>>> error: stat of /home/vmail/dovecot-deliver.log failed: Permission denied
>>>
>>>
>>> Owner on the log are vmail:vmail.  If I manually force logrotate on this 
>>> particular log, it works fine.
>>>
>>>
>>> Ethon


Re: Sieve rules not processing

2017-10-08 Thread Tom Hendrikx
On 07-10-17 23:34, Stephan Herker wrote:
> On 10/7/2017 1:53 PM, Stephan Herker wrote:
>> I'm new to dovecot altogether and I have a working dovecot system. 
>> I'm trying to setup sieve for mail filtering.  If I run the debug
>> program sieve-test I get a positive result that it would have sorted
>> the mail appropriately, but the logs for lmtp don't appear to be
>> processing the rule.  Below is output of dovecot -n. Any help is
>> appreciated.  Thanks
>>



> So I figured out my own issue for anyone who reads this.  I had created
> a new ruleset and the way the plugin for sieve is setup I needed the
> rules to be in the managesieve ruleset.  Interesting that the sieve
> directory is defined, but it only read the first rule set.

There is always only one sieve script active, but you can include other
scripts from that active script, see f.i.
https://wiki2.dovecot.org/Pigeonhole/Sieve/Examples#Include_scripts

Kind regards,

Tom





Re: correct permissions /etc/dovecot ?

2017-08-16 Thread Tom Hendrikx


On 16-08-17 08:57, voy...@sbt.net.au wrote:
> what permissions/ownership should /etc/dovecot/files have?
> 
> keep seeing this error below, I can correct as per log, BUT, wanted first
> to check what it should be, rather than me 'fiddling'
> 
> thanks, V
> 
> SQL user is vmail
> first_valid_uid = 2000
> last_valid_uid = 2000
> 
> # ls -al
> total 60
> drwxr-xr-x  5 root    root    4096 Aug 16 14:45 .
> drwxr-xr-x 82 root    root    4096 Aug 16 08:34 ..
> drwxr-xr-x  2 root    root    4096 Aug 12 21:22 conf.d
> -rw---  1 vmail   dovecot    0 Nov  5  2013 dovecot-master-users-password
> -rw---  1 vmail   dovecot  735 Aug 16 14:45 dovecot-mysql.conf
> -rw---  1 vmail   dovecot  491 Aug 15 23:09 dovecot-share-folder.conf
> -rw---  1 vmail   dovecot  320 Aug 15 23:09 dovecot-used-quota.conf
> -rw-r--r--  1 root    root    3414 Aug 16 14:43 dovecot.conf
> 
> 
> Aug 16 16:28:01 auth: Error: passwd-file:
> open(/etc/dovecot/dovecot-master-users-password) failed: Permission denied
> (euid=97(dovecot) egid=97(dovecot) missing +r perm:
> /etc/dovecot/dovecot-master-users-password, dir owned by 0:0 mode=0755)

The auth daemon (which has nothing to do with delivery) needs access to
the mysql database, and wants to read the master user password file. The
auth daemon runs as user 'dovecot' which is, according to your directory
listing, not allowed to access the file. The error message is quite clear.

You could probably set ownership to vmail/dovecot with permissions 440
to fix it. If you're only allowing minimal permissions, why would user
vmail need write access to that file?

Kind regards,
Tom


Re: Modify stored mail contents?

2017-07-23 Thread Tom Hendrikx
On 23-07-17 13:07, Evan Martin wrote:
> It looks like the mail filter plugin
> [https://wiki2.dovecot.org/Plugins/MailFilter] is almost exactly what I
> want, except for this:
> 
>> Currently the filtering must not modify the message in any way: mail
> -> write filter -> read filter -> must produce exactly the original mail
> back.
>> (TODO: Modifying the mail during writing would be possible with some
> code changes.)
> 
> Is there any prospect of those code changes being made, so that the
> filter can modify mail contents?
> 
> There's no indication in the docs or the code of what would break if the
> contents were modified, but I'm guessing indexes and caches would be out
> of date and would need to be rebuilt? Is it possible to just disable
> those? I don't need high performance.
> 
> On 22/07/2017 12:51 PM, Evan Martin wrote:
>> Is there a safe way to modify the contents of emails stored by
>> Dovecot? I'll probably only want to change the message bodies, not the
>> headers, if that matters. Looking for ways to do this both for
>> existing emails and new emails as they are received (though anything
>> that works for existing emails can probably just be run again for new
>> emails.) My mail storage is currently mdbox, but I could migrate to
>> another format if that helps.

In general, you should not do this. When a message is stored using IMAP,
it is immutable. The IMAP server also remembers things like size and
assigns messages a unique ID, so mail readers that have already
downloaded the message with that ID, don't have to download the whole
message again to verify whether its contents have magically changed.
What you're suggesting is simply not compatible with IMAP standards.

The normal way of applying changes to messages is just like a mail
client connecting to IMAP: create a new message and save it to the
store, then delete the old one.

Two people already asked you in this thread what the actual problem is
you're trying to solve, but you failed to answer the question. I'm
afraid that we can't help you any further without more detail.

Kind regards,
Tom





Re: dovecot lda bouncing postfix aliases

2017-03-02 Thread Tom Hendrikx
Oh wait, you crossposted to the postfix list. Please keep the discussion
there going, you have a postfix issue, not a dovecot one ;)

Tom

On 02-03-17 09:40, Tom Hendrikx wrote:
> Hi,
> 
> Typically, postfix should resolve the aliases into user accounts that
> dovecot knows before you even start delivering to dovecot. You probably
> messed something up in the postfix config that disables alias expansion
> before dovecot delivery is attempted.
> 
> Can you show us your postfix config?
> 
> Kind regards,
> 
>   Tom
> 
> On 01-03-17 15:36, Ian Evans wrote:
>> Recently configured postfix to use the dovecot lda as I wanted to use
>> sieve. Got that working a few days ago but noticed that I wasn't getting
>> any emails to aliases. Checked the logs and saw messages like:
>>
>> Mar  1 08:19:59 carson postfix/lmtp[16949]: 0DCD22016BE: to=<
>> sa...@example.com>, relay=carson.example.com[private/dovecot-lmtp],
>> delay=0.07, delays=0.01/0.01/0/0.04, dsn=5.1.1, status=bounced (host
>> carson.example.com[private/dovecot-lmtp] said: 550 5.1.1 <sa...@example.com>
>> User doesn't exist: sa...@example.com (in reply to RCPT TO command))
>>
>> Aliases were working previously and are in /etc/postfix/vmaps
>>
>> Anything I need to check on the dovecot end of things to get dovecot to
>> recognize postfix aliases?
>>
>> Thanks...reaching for my morning coffee. Info below:
>>
>> Dovecot 2.2.9
>>
>> # 2.2.9: /etc/dovecot/dovecot.conf
>> # OS: Linux 3.11.0-19-generic x86_64 Ubuntu 14.04.5 LTS ext4
>> auth_mechanisms = plain login cram-md5
>> mail_debug = yes
>> mail_location = maildir:/home/vmail/%d/%n/Maildir
>> managesieve_notify_capability = mailto
>> managesieve_sieve_capability = fileinto reject envelope encoded-character
>> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
>> copy include variables body enotify environment mailbox date ihave
>> namespace inbox {
>>   inbox = yes
>>   location =
>>   mailbox Drafts {
>> special_use = \Drafts
>>   }
>>   mailbox Junk {
>> special_use = \Junk
>>   }
>>   mailbox Sent {
>> special_use = \Sent
>>   }
>>   mailbox "Sent Messages" {
>> special_use = \Sent
>>   }
>>   mailbox Trash {
>> special_use = \Trash
>>   }
>>   prefix =
>> }
>> passdb {
>>   args = username_format=%u /etc/dovecot/shadow
>>   driver = passwd-file
>> }
>> plugin {
>>   sieve = ~/.dovecot.sieve
>>   sieve_dir = ~/sieve
>> }
>> protocols = imap pop3 sieve lmtp
>> service auth {
>>   unix_listener /var/spool/postfix/private/auth {
>> group = postfix
>> mode = 0660
>> user = postfix
>>   }
>>   unix_listener /var/spool/postfix/private/dovecot-auth {
>> group = postfix
>> mode = 0660
>> user = postfix
>>   }
>> }
>> service lmtp {
>>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>> group = postfix
>> mode = 0600
>> user = postfix
>>   }
>> }
>> ssl_cert =
>> ssl_cipher_list =
>> ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
>> ssl_key =
>> userdb {
>>   driver = passwd
>> }
>> userdb {
>>   args = username_format=%u /etc/dovecot/users
>>   driver = passwd-file
>> }
>> protocol lmtp {
>>   mail_plugins = sieve
>>   postmaster_address = postmas...@example.com
>> }
>> protocol lda {
>>   deliver_log_format = msgid=%m: %$
>>   mail_plugins = sieve
>>   postmaster_address = postmaster
>>   quota_full_tempfail = yes
>>   rejection_reason = Your message to <%t> was automatically rejected:%n%r
>> }
>> protocol imap {
>>   imap_client_workarounds = delay-newmail
>>   mail_max_userip_connections = 10
>> }
>> protocol pop3 {
>>   mail_max_userip_connections = 10
>>   pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
>> }
>>


Re: dovecot lda bouncing postfix aliases

2017-03-02 Thread Tom Hendrikx
Hi,

Typically, postfix should resolve the aliases into user accounts that
dovecot knows before you even start delivering to dovecot. You probably
messed something up in the postfix config that disables alias expansion
before dovecot delivery is attempted.

Can you show us your postfix config?

Kind regards,

Tom

On 01-03-17 15:36, Ian Evans wrote:
> Recently configured postfix to use the dovecot lda as I wanted to use
> sieve. Got that working a few days ago but noticed that I wasn't getting
> any emails to aliases. Checked the logs and saw messages like:
> 
> Mar  1 08:19:59 carson postfix/lmtp[16949]: 0DCD22016BE: to=<
> sa...@example.com>, relay=carson.example.com[private/dovecot-lmtp],
> delay=0.07, delays=0.01/0.01/0/0.04, dsn=5.1.1, status=bounced (host
> carson.example.com[private/dovecot-lmtp] said: 550 5.1.1 
> User doesn't exist: sa...@example.com (in reply to RCPT TO command))
> 
> Aliases were working previously and are in /etc/postfix/vmaps
> 
> Anything I need to check on the dovecot end of things to get dovecot to
> recognize postfix aliases?
> 
> Thanks...reaching for my morning coffee. Info below:
> 
> Dovecot 2.2.9
> 
> # 2.2.9: /etc/dovecot/dovecot.conf
> # OS: Linux 3.11.0-19-generic x86_64 Ubuntu 14.04.5 LTS ext4
> auth_mechanisms = plain login cram-md5
> mail_debug = yes
> mail_location = maildir:/home/vmail/%d/%n/Maildir
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character
> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
> copy include variables body enotify environment mailbox date ihave
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Drafts {
> special_use = \Drafts
>   }
>   mailbox Junk {
> special_use = \Junk
>   }
>   mailbox Sent {
> special_use = \Sent
>   }
>   mailbox "Sent Messages" {
> special_use = \Sent
>   }
>   mailbox Trash {
> special_use = \Trash
>   }
>   prefix =
> }
> passdb {
>   args = username_format=%u /etc/dovecot/shadow
>   driver = passwd-file
> }
> plugin {
>   sieve = ~/.dovecot.sieve
>   sieve_dir = ~/sieve
> }
> protocols = imap pop3 sieve lmtp
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
> group = postfix
> mode = 0660
> user = postfix
>   }
>   unix_listener /var/spool/postfix/private/dovecot-auth {
> group = postfix
> mode = 0660
> user = postfix
>   }
> }
> service lmtp {
>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
> group = postfix
> mode = 0600
> user = postfix
>   }
> }
> ssl_cert =
> ssl_cipher_list =
> ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
> ssl_key =
> userdb {
>   driver = passwd
> }
> userdb {
>   args = username_format=%u /etc/dovecot/users
>   driver = passwd-file
> }
> protocol lmtp {
>   mail_plugins = sieve
>   postmaster_address = postmas...@example.com
> }
> protocol lda {
>   deliver_log_format = msgid=%m: %$
>   mail_plugins = sieve
>   postmaster_address = postmaster
>   quota_full_tempfail = yes
>   rejection_reason = Your message to <%t> was automatically rejected:%n%r
> }
> protocol imap {
>   imap_client_workarounds = delay-newmail
>   mail_max_userip_connections = 10
> }
> protocol pop3 {
>   mail_max_userip_connections = 10
>   pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
> }
> 


Re: Replacement for antispam plugin

2017-02-10 Thread Tom Hendrikx


On 10-02-17 09:06, Aki Tuomi wrote:
> Hi!
> Since antispam plugin is deprecated and we would really prefer people
> not to use it, we wrote instructions on how to replace it with
> IMAPSieve. Comments and suggestions are most welcome.
> 
> https://wiki.dovecot.org/HowTo/AntispamWithSieve
> 

Could you elaborate on the fact that it's deprecated? I never saw
anything about that? The wiki page wasn't mentioning that it's
deprecated since this morning?

Kind regards,
Tom


Re: AW: How to add User in MSSQL DB - error unknown user

2017-02-08 Thread Tom Hendrikx
Hi,

Your postfix and dovecot configurations refer to a MySQL database that
contains email accounts. You didn't get all of that by doing 'apt-get
install postfix dovecot', the database setup is something you added
yourself (or someone else did that for you). Running 'adduser -m
maurizio' will create a system user on the server, but no email account
in the MySQL database setup.

Please refer to the installation manual you (or someone else on your
behalf) followed during 'Add config steps to dovecot.conf, main.cf,
master.cf' which should tell you how to manage your accounts.

Regards,
Tom

On 08-02-17 13:14, Maurizio Caloro wrote:
> Linux caloro.ch 3.16.0-4-amd64 #1 SMP Debian 3.16.39-1 (2016-12-30) x86_64
> GNU/Linux
> 
> Apt-get install postfix dovecot
> Adduser -m maurizio
> Add config steps to dovecot.conf, main.cf, master.cf
>  
> Email from CLI running, but if connect from Outlook or Thunderbird I have
> this error, I think
> that maurizio this user aren’t opened correct on this sqldb?
> 
> root@caloro:/home/maurizio# postconf -n
> alias_maps = $alias_database
> append_dot_mydomain = no
> biff = no
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/lib/postfix
> data_directory = /var/lib/postfix
> debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
> $daemon_directory/$process_name $process_id & sleep 5
> dovecot_destination_recipient_limit = 1
> home_mailbox = Maildir/
> html_directory = no
> inet_interfaces = all
> inet_protocols = ipv4
> local_transport = local
> mailbox_size_limit = 0
> mailq_path = /usr/bin/mailq
> manpage_directory = /usr/share/man
> message_size_limit = 52428800
> mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
> mydomain = nmail.caloro.ch
> myhostname = nmail.caloro.ch
> mynetworks = 127.0.0.0/8 192.168.1.0/27
> myorigin = $mydomain
> newaliases_path = /usr/bin/newaliases
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix
> sample_directory = /usr/share/doc/postfix
> sendmail_path = /usr/sbin/sendmail
> setgid_group = postdrop
> smtp_tls_note_starttls_offer = yes
> smtp_tls_security_level = may
> smtpd_banner = $myhostname ESMTP $mail_name
> smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated,
> reject_unknown_client_hostname
> smtpd_helo_required = yes
> smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
> reject_unauth_destination, reject_unauth_pipelining,
> reject_non_fqdn_recipient
> smtpd_relay_restrictions =
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_path = private/auth
> smtpd_sasl_type = dovecot
> smtpd_sender_login_maps =
> mysql:/etc/postfix/mysql-virtual_sender_permissions.cf
> smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch,
> permit_sasl_authenticated, reject_unknown_helo_hostname,
> reject_unknown_recipient_domain, reject_unknown_sender_domain
> smtpd_tls_cert_file = /etc/ssl/server/servername.pem
> smtpd_tls_key_file = $smtpd_tls_cert_file
> smtpd_tls_loglevel = 1
> smtpd_tls_received_header = yes
> smtpd_tls_security_level = may
> unknown_local_recipient_reject_code = 550
> virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_alias_maps.cf
> virtual_gid_maps = static:2000
> virtual_mailbox_base = /var/customers/mail/
> virtual_mailbox_domains =
> mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf
> virtual_mailbox_limit = 0
> virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
> virtual_transport = dovecot
> virtual_uid_maps = static:2000
> 
> 
> -Original Message-
> From: dovecot [mailto:dovecot-boun...@dovecot.org] On Behalf Of Steffen
> Kaiser
> Sent: Wednesday, 8 February 2017 12:52
> To: Maurizio Caloro
> Cc: dovecot@dovecot.org
> Subject: Re: How to add User in MSSQL DB - error unknown user
> 
> On Wed, 8 Feb 2017, Maurizio Caloro wrote:
> 
>> Please I need to add  "Maurizio" to this MSSQL DB, but I don't know how
>> to add this step
> 
> add this step to which workflow, action, ... ?
> 
>> in my opinion I think that the user can't be found, so I will have the
>> "unknown user"
>>
>> Can give here any little help to fix this?
> 
> INSERT INTO mail_users (...) VALUES (*correct* data of maurizio);
> 
> Who has installed the Dovecot server and the user DB? This person should
> know how to fill the *correct* data into the SQL table.
> 
>> Feb  8 12:09:56 caloro dovecot: auth-worker(13303): Debug:
>> sql(mauri...@caloro.ch,151.248.162.33): query: SELECT username AS 
>> user, password_enc AS password, CONCAT(homedir, maildir) AS 
>> userdb_home, uid AS userdb_uid, gid AS userdb_gid,  CONCAT('maildir:', 
>> homedir, maildir) AS userdb_mail, CONCAT('maildir:storage=', 
>> (quota*1024)) as userdb_quota FROM mail_users WHERE (username = 
>> 'mauri...@caloro.ch' OR email =
>> 

Re: dovecot-antispam plugin not work

2016-11-04 Thread Tom Hendrikx
Hi,

The package in debian/ubuntu is based on
http://wiki2.dovecot.org/Plugins/Antispam, which is a fork/rewrite of
the plugin by johannes@sipsolutions. Try to set it again using the
correct documentation :)

Regards,
Tom

On 03-11-16 21:12, basti wrote:
> Hello,
> I try to use the plugin for my dovecot in debian.
> It seems that the /usr/bin/sa-learn-pipe.sh is not executed.
> When I run /usr/bin/sa-learn-pipe.sh from commandline logfiles are created.
> I also read https://johannes.sipsolutions.net/files/antispam.html
> 
> In syslog you can see first move a mail from "z_SPAM" to INBOX and then
> move a mail from INBOX to "z_SPAM".
> 
> Can you please help?
> Best regards
> 
> Config and logs are appended.
> 
> dpkg -l | grep dovecot
> ii  dovecot-antispam  2.0+20130912-2      amd64  Dovecot plugins for training spam filters
> ii  dovecot-core      1:2.2.13-12~deb8u1  amd64  secure POP3/IMAP server - core files
> ii  dovecot-imapd     1:2.2.13-12~deb8u1  amd64  secure POP3/IMAP server - IMAP daemon
> ii  dovecot-pgsql     1:2.2.13-12~deb8u1  amd64  secure POP3/IMAP server - PostgreSQL support
> 
> ### log
> root@vsrv78105:/etc/dovecot# /etc/init.d/dovecot restart
> [ ok ] Restarting dovecot (via systemctl): dovecot.service.
> root@vsrv78105:/etc/dovecot# tail -f /var/log/syslog | grep imap
> Nov  3 20:02:45 vsrv78105 dovecot: imap-login: Warning: Killed with
> signal 15 (by pid=1 uid=0 code=kill)
> Nov  3 20:02:48 vsrv78105 dovecot: master: Dovecot v2.2.13 starting up
> for imap (core dumps disabled)
> Nov  3 20:03:03 vsrv78105 dovecot: imap-login: Login: user=,
> method=PLAIN, rip=xxx, lip=xxx, mpid=14954, TLS, session=
> Nov  3 20:03:03 vsrv78105 imap: antispam: plugin initialising (2.0-notgit)
> Nov  3 20:03:03 vsrv78105 imap: antispam: verbose debug enabled
> Nov  3 20:03:03 vsrv78105 imap: antispam: "Spam" is exact match spam folder
> Nov  3 20:03:03 vsrv78105 imap: antispam: "SPAM" is exact match spam folder
> Nov  3 20:03:03 vsrv78105 imap: antispam: "z_SPAM" is exact match spam
> folder
> Nov  3 20:03:03 vsrv78105 imap: antispam: no unsure folders
> Nov  3 20:03:03 vsrv78105 imap: antispam: "Trash" is exact match trash
> folder
> Nov  3 20:03:03 vsrv78105 imap: antispam: "trash" is exact match trash
> folder
> Nov  3 20:03:03 vsrv78105 imap: antispam: pipe backend tmpdir /tmp
> Nov  3 20:03:13 vsrv78105 imap: antispam: mailbox_is_unsure(INBOX): 0
> Nov  3 20:03:13 vsrv78105 imap: antispam: mailbox_is_trash(z_SPAM): 0
> Nov  3 20:03:13 vsrv78105 imap: antispam: mailbox_is_trash(INBOX): 0
> Nov  3 20:03:13 vsrv78105 imap: antispam: mail copy: from trash: 0, to
> trash: 0
> Nov  3 20:03:13 vsrv78105 imap: antispam: mailbox_is_spam(z_SPAM): 0
> Nov  3 20:03:13 vsrv78105 imap: antispam: mailbox_is_spam(INBOX): 0
> Nov  3 20:03:13 vsrv78105 imap: antispam: mailbox_is_unsure(z_SPAM): 0
> Nov  3 20:03:13 vsrv78105 imap: antispam: mail copy: src spam: 0, dst
> spam: 0, src unsure: 0
> Nov  3 20:03:14 vsrv78105 dovecot: imap-login: Login: user=,
> method=PLAIN, rip=xxx, lip=xxx, mpid=14959, TLS, session=
> Nov  3 20:03:14 vsrv78105 imap: antispam: plugin initialising (2.0-notgit)
> Nov  3 20:03:14 vsrv78105 imap: antispam: verbose debug enabled
> Nov  3 20:03:14 vsrv78105 imap: antispam: "Spam" is exact match spam folder
> Nov  3 20:03:14 vsrv78105 imap: antispam: "SPAM" is exact match spam folder
> Nov  3 20:03:14 vsrv78105 imap: antispam: "z_SPAM" is exact match spam
> folder
> Nov  3 20:03:14 vsrv78105 imap: antispam: no unsure folders
> Nov  3 20:03:14 vsrv78105 imap: antispam: "Trash" is exact match trash
> folder
> Nov  3 20:03:14 vsrv78105 imap: antispam: "trash" is exact match trash
> folder
> Nov  3 20:03:14 vsrv78105 imap: antispam: pipe backend tmpdir /tmp
> Nov  3 20:04:05 vsrv78105 imap: antispam: mailbox_is_unsure(z_SPAM): 0
> Nov  3 20:04:05 vsrv78105 imap: antispam: mailbox_is_trash(INBOX): 0
> Nov  3 20:04:05 vsrv78105 imap: antispam: mailbox_is_trash(z_SPAM): 0
> Nov  3 20:04:05 vsrv78105 imap: antispam: mail copy: from trash: 0, to
> trash: 0
> Nov  3 20:04:05 vsrv78105 imap: antispam: mailbox_is_spam(INBOX): 0
> Nov  3 20:04:05 vsrv78105 imap: antispam: mailbox_is_spam(z_SPAM): 0
> Nov  3 20:04:05 vsrv78105 imap: antispam: mailbox_is_unsure(INBOX): 0
> Nov  3 20:04:05 vsrv78105 imap: antispam: mail copy: src spam: 0, dst
> spam: 0, src unsure: 0
> ^C
> 
> root@vsrv78105:/etc/dovecot# ls -la /tmp/
> insgesamt 8864
> drwxrwxrwt  8 root root   12288 Nov  3 20:07 .
> drwxr-xr-x 22 root root    4096 Jun 17 14:41 ..
> drwxrwxrwt  2 root root    4096 Nov  1 14:16 .font-unix
> drwxrwxrwt  2 root root    4096 Nov  1 14:16 .ICE-unix
> drwxrwxrwt  2 root root    4096 Nov  1 14:16 .Test-unix
> drwxrwxrwt  2 root root    4096 Nov  1 14:16 .X11-unix
> drwxrwxrwt  2 root root    4096 Nov  1 14:16 .XIM-unix
> 

Re: Login just at special timeslots / working hours

2016-09-27 Thread Tom Hendrikx


On 27-09-16 17:03, Aki Tuomi wrote:
> 
>> On September 27, 2016 at 5:42 PM Götz Reinicke - IT Koordinator 
>>  wrote:
>>
>>
>> Hi,
>>
>> is there a dovecot feature I did not find yet, which can limit the
>> access to the server to special timeslots like working hours?
>>
>> Or is that a serverside / sssd / auth / pam / account feature?
>>
>> Thanks for hints to some helpful documentation and suggestions.
>>
>> Regards . Götz
>>
>>
> 
> At least this is doable with PAM. See 
> http://www.linux-pam.org/Linux-PAM-html/sag-pam_time.html
> 
> Aki
> 


You could also use http://wiki.dovecot.org/PostLoginScripting . There is
a nice example named 'Denying connection from some IP/User'.

Regards,
Tom
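
A post-login script for the working-hours case asked about in this thread, as an added example that is not part of the original posts or the Dovecot wiki. The Mon-Fri 08:00-18:00 window, the `EXEMPT_USERS` list and the `login_allowed` helper are assumptions; `$USER` and `$IP` are the variables Dovecot exports to post-login scripts, and leaving the script without `exec "$@"` ends the session, as in the wiki's denial example.

```shell
#!/bin/sh
# Post-login gate: allow the IMAP session only inside a working-hours window.
# Added example. The window, EXEMPT_USERS and login_allowed() are assumptions;
# times are the mail server's local time.

WORK_DAYS="${WORK_DAYS:-1 2 3 4 5}"   # ISO weekdays from date +%u (1 = Monday)
WORK_START="${WORK_START:-0800}"      # first allowed minute, HHMM
WORK_END="${WORK_END:-1800}"          # first refused minute, HHMM
EXEMPT_USERS="${EXEMPT_USERS:-}"      # space-separated logins that are never gated

# login_allowed USER WEEKDAY HHMM -> returns 0 when the login may proceed.
login_allowed() {
    la_user=$1 la_dow=$2 la_hhmm=$3

    for la_u in $EXEMPT_USERS; do
        if [ "$la_u" = "$la_user" ]; then return 0; fi
    done

    # Fail closed on anything that is not a 4-digit clock value.
    case $la_hhmm in
        [0-2][0-9][0-5][0-9]) ;;
        *) return 1 ;;
    esac

    la_day_ok=no
    for la_d in $WORK_DAYS; do
        if [ "$la_d" = "$la_dow" ]; then la_day_ok=yes; fi
    done
    if [ "$la_day_ok" != yes ]; then return 1; fi

    # [ -ge ] compares as decimal, so the leading zero in 0800 is harmless.
    if [ "$la_hhmm" -ge "$WORK_START" ] && [ "$la_hhmm" -lt "$WORK_END" ]; then
        return 0
    fi
    return 1
}

main() {
    if login_allowed "${USER:-}" "$(date +%u)" "$(date +%H%M)"; then
        exec "$@"     # hand over to the real imap process
    fi
    echo "postlogin: refused ${USER:-unknown} from ${IP:-unknown}: outside working hours" >&2
    exit 0            # no exec: the session ends here
}

# script-login passes the next program as arguments; without any (for
# example when the file is sourced by a test) nothing is executed.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

The gate runs after authentication, so it only covers services that are wired to a post-login script; SMTP submission and other protocols need their own control.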


Re: sieve - find in header

2016-09-09 Thread Tom Hendrikx


On 09-09-16 08:35, Hajo Locke wrote:
> Hello,
> 
> thanks for your help.
> 
> On 08.09.2016 at 22:13, Tom Hendrikx wrote:
>> On 08-09-16 20:51, @lbutlr wrote:
>>> On Tue Sep 06 2016 07:25:38 Hajo Locke <hajo.lo...@gmx.de> said
>>>> How to solve this case and find a string in arbitrary/unknown
>>>> headerline?
>>> You’ll have to create multiple sieves covering the possible headers.
>>>
>> Maybe when you tell what you're trying to achieve, we can give you
>> better advice.
>>
>> Almost no one is looking for random strings in random headers, since
>> headers are (somewhat) structured data. Could you share with us what
>> string you are looking for and why you don't know up front which header
>> field you need to use to look for it?
> 
> We have a webmailer where experienced users are able to create
> filterrules. They can choose from a lot of predefined headerlines
> and insert text to find. After that they choose a respective action.
> To cover all cases we had a choosable option "complete header" to find a
> string in every headerline without knowing the specific line. This is
> done easily in procmail:
> 
> :0 H
> * ^*searchstring
> 
> I agree that an option like this is needless and it was a mistake to
> offer it.
> If this is not achievable in sieve, we have to remove this
> search-option. Maybe we replace by a kind of custom-headerline.

I guess that would be my solution too.

Maybe you can check the existing configurations from your users to see
how many ppl actually use this action. If there are only a few, then
that might be used as an extra argument in the discussion on removing
the option altogether. Especially when you are able to manually replace
the existing uses with a construct that sieve *does* support (f.i.
someone uses this because they weren't able to determine which header name was
actually needed, which is easier when you actually filtered a few messages).

Kind regards,
Tom


Re: sieve - find in header

2016-09-08 Thread Tom Hendrikx
On 08-09-16 20:51, @lbutlr wrote:
> On Tue Sep 06 2016 07:25:38 Hajo Locke said
>> How to solve this case and find a string in arbitrary/unknown headerline?
> 
> You’ll have to create multiple sieves covering the possible headers.
> 

Maybe when you tell what you're trying to achieve, we can give you
better advice.

Almost no one is looking for random strings in random headers, since
headers are (somewhat) structured data. Could you share with us what
string you are looking for and why you don't know up front which header
field you need to use to look for it?

Kind regards,
Tom






Re: sieve vacation: write to the .lda-dupes database without generating a vacation response.

2016-04-19 Thread Tom Hendrikx
On 19-04-16 20:01, Bradley M. Kuhn wrote:
> I'm using Dovecot's sieve extensions quite happily, they are very good!
> Thanks for all who worked on them.  I have a question that maybe is
> appropriate for a sieve-specific discussion list, so if there is one I
> should post to instead, please let me know:
> 
> 
> I've poked through the sieve vacation RFC and all the documentation I
> can find and I cannot figure out how to do this.  It's more-or-less not
> the intent of sieve's vacation, so perhaps it's more of a "you can't get
> there from here" situation, but maybe folks here have an idea:
> 
> I am (ab)?using sieve vacation to send an automated response at all
> times to all senders who put me in the To line, every 90 days, which
> explains my lack of responsiveness and to explain who else might be
> better contact. (I have hundreds of emails sent to me to which I will
> never have time to respond, and probably should have been routed to
> someone else at my organization anyway.)
> 
> However, I *don't* want my regular correspondents to receive this
> autoreply.  I'd thus like to seed the database with known individuals
> I'm corresponding with to pretend they've already received the
> autoresponder.
> 

You shouldn't try to force feed the dupes files, that's a hack: the
dupes file has no public API so you probably shouldn't be messing with
it directly.
A proper solution would be to include a list of excluded addresses in
the sieve script, and exempt those from the autoresponder, maybe
something like this:

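require "envelope";
require "variables";

# Space-separated list of addresses that must not get the autoresponse.
set :lower "whitelist" "first@example.com sec...@example.com";

if envelope :matches "from" "*" {
  # ${0} is the complete envelope sender matched by "*"
  set :lower "sender" "${0}";
  # true when the whitelist string contains the sender (substring match)
  if string :contains "${whitelist}" "${sender}" {
    # do nothing, sender is on whitelist
  } else {
    # do regular autoresponder stuff
  }
}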

The whitelist variable could be auto generated and updated from your
address book or archive box parser.

I have no idea if this actually scales. You could also implement the
whitelist variable using extdata
(http://wiki2.dovecot.org/Pigeonhole/Sieve/Plugins/Extdata), or
outsource the complete whitelist check to an external program (a trivial
script in a real programming language) using extprograms's "execute"
(http://wiki2.dovecot.org/Pigeonhole/Sieve/Plugins/Extprograms).

Good luck!

Kind regards,
Tom





Re: antispam plugin, pipe backend, how to make it work?

2016-04-13 Thread Tom Hendrikx
On 13-04-16 08:27, Johannes Rohr wrote:
> Hi List,
> 
> does the antispam plugin have any way of actually seeing how it is
> calling the pipe program and how it is failing? I can't reproduce the
> failure when I call sa-learn manually. Can someone tell me, with
> which UID the call happens, is it the UID the current dovecot process
> is running under (which would be vmail, as it is a virtual user
> setup) Cheers,
> 

Hi Johannes,

This is exactly what the wrapper script is supposed to log for you, or
which is trivial to add to its output. The wrapper script is not
actually useful for production, but it is for debugging. That is why I
asked for its logging, and any differences between manual run and a
dovecot run.

Regards,
Tom


> Johannes
> 
> On 12.04.2016 at 23:09, Johannes Rohr wrote:
>> Hi Tom,
>> 
>> On 12.04.2016 at 22:26, Tom Hendrikx wrote:
>>> On 12-04-16 20:14, Johannes Rohr wrote:
>>>> Hi, my setup is a dovecot 2.0.19 IMAP server on Ubuntu Precise 
>>>> with the antispam plugin in version  2.0+20120225-2 and
>>>> spamassassin at version 3.2.2
>>>> 
>>>> I have been trying and failed to get the pipe backend of the
>>>> antispam plugin to work. Spamassassin by itself works, a manual
>>>> call of sa-learn works fine. Bayes data is stored in a mysql
>>>> DB.
>>>> 
>>>> I have the following configuration in 
>>>> /etc/dovecot/conf.d/90-plugin.conf
>>>> 
>>>> plugin {
>>>>   #setting_name = value
>>>>   sieve=~/.dovecot.sieve
>>>>   sieve_dir=~/sieve
>>>> antispam_pipe_program_spam_arg = --spam
>>>> antispam_pipe_program_notspam_arg  = --ham
>>>> antispam_pipe_program = /usr/local/bin/sa-learn-pipe.sh
>>>> antispam_pipe_program_args = --username=%u # % expansion done
>>>> by dovecot
>>> You need to specify the argument list as a list separated by
>>> semicolons, per example on the wiki:
>>> 
>>> antispam_pipe_program_args = --username;%u
>> 
>> Not sure about that, because sa-learn expects the parameter 
>> --username=u...@na.me, this is one parameter, not two, and it
>> works for me locally, where I also set up dovecot to test. The
>> main differences are that the versions I have here are newer, I'm
>> running Debian sid, the server is on Ubuntu Precise, and second,
>> the server is handling virtual users, locally I have only real Unix
>> users.
>> 
>> Also, dovecot doesn't complain about configuration errors regard 
>> --username=%u. What other way would be there to get the parameter 
>> passed to sa-learn the way I want?
>> 
>> btw, I tried this, just to be sure, but the result was the same.
>> 
>>> 
>>> The verbose debug should give you some logging to work with.
>> Yes, and I pasted the output. I can of course repeat:
>> 
>> Apr 12 22:53:02 vm10 imap: antispam: mailbox_is_unsure(Junk): 0
>> Apr 12 22:53:02 vm10 imap: antispam: mailbox_is_trash(INBOX): 0
>> Apr 12 22:53:02 vm10 imap: antispam: mailbox_is_trash(Junk): 0
>> Apr 12 22:53:02 vm10 imap: antispam: mail copy: from trash: 0, to trash: 0
>> Apr 12 22:53:02 vm10 imap: antispam: mailbox_is_spam(INBOX): 0
>> Apr 12 22:53:02 vm10 imap: antispam: mailbox_is_spam(Junk): 1
>> Apr 12 22:53:02 vm10 imap: antispam: mailbox_is_unsure(INBOX): 0
>> Apr 12 22:53:02 vm10 imap: antispam: mail copy: src spam: 0, dst spam: 1, src unsure: 0
>> Apr 12 22:53:02 vm10 imap: antispam: running mailtrain backend program /usr/bin/sa-learn
>> Apr 12 22:53:02 vm10 imap: antispam: running mailtrain backend program /usr/bin/sa-learn
>> Apr 12 22:53:02 vm10 imap: antispam: running mailtrain backend program parameter 1 --username=johan...@rohr.org
>> Apr 12 22:53:02 vm10 imap: antispam: running mailtrain backend program parameter 2 --spam
>> Apr 12 22:53:03 vm10 imap: antispam: run program failed with exit code -1
>> 
>> 
>> 
>> 
>>> Also, what does the wrapper script log when dovecot runs it?
>> 
>> I have actually ditched  the wrapper script because it works
>> without locally, I have configured the plugin to call sa-learn
>> directly.
>> 
>>> How does that differ from a manual run?
>> sa-learn works just fine with a manual run. It seems as if the
>> plugin is passing the parameters wrongly, but the debugging output
>> doesn't reveal the actual command, so it's just guesswork.
>> 
>> Cheers,
>> 
>> Johannes
>> 
>>> 
>>> 
>>>> antispam_trash = trash;Trash;Deleted Items;Deleted Messages 
>>>> antisp

Re: antispam plugin, pipe backend, how to make it work?

2016-04-12 Thread Tom Hendrikx

On 12-04-16 20:14, Johannes Rohr wrote:
> Hi, my setup is a dovecot 2.0.19 IMAP server on Ubuntu Precise with
> the antispam plugin in version  2.0+20120225-2 and spamassassin at
> version 3.2.2
> 
> I have been trying and failed to get the pipe backend of the antispam
> plugin to work. Spamassassin by itself works, a manual call of sa-learn
> works fine. Bayes data is stored in a mysql DB.
> 
> I have the following configuration in /etc/dovecot/conf.d/90-plugin.conf
> 
> plugin {
>   #setting_name = value
>   sieve=~/.dovecot.sieve
>   sieve_dir=~/sieve
> antispam_pipe_program_spam_arg = --spam
> antispam_pipe_program_notspam_arg  = --ham
> antispam_pipe_program = /usr/local/bin/sa-learn-pipe.sh
> antispam_pipe_program_args = --username=%u # % expansion done by
> dovecot

You need to specify the argument list as a list separated by semicolons,
per example on the wiki:

antispam_pipe_program_args = --username;%u

The verbose debug should give you some logging to work with. Also, what
does the wrapper script log when dovecot runs it? How does that differ
from a manual run?


> antispam_trash = trash;Trash;Deleted Items;Deleted Messages
> antispam_spam = SPAM;Junk
> antispam_backend = pipe
> antispam_verbose_debug = 1
> antispam_debug_target = syslog
> antispam_pipe_tmpdir = /tmp
> }
> 
> I have tried the following wrapper script:
> #!/bin/bash
> # set -x
> LOGFILE=/tmp/sa-learn-pipe.log
> echo "$$-start ($*)" >> $LOGFILE
> #echo $* > /tmp/sendmail-parms.txt
> cat<&0 >> /tmp/sendmail-msg-$$.txt
> /usr/bin/sa-learn $* -D /tmp/sendmail-msg-$$.txt >> $LOGFILE 2>&1 && \
> rm -f /tmp/sendmail-msg-$$.txt
> echo "$$-end" >> $LOGFILE
> exit 0
> 
> It somehow isn't working. I can call the wrapper script manually e.g.
> sudo -u vmail /usr/local/bin/sa-learn-pipe.sh --username=s...@mail.user
> --ham \
> < someham
> 
> But it doesn't work from dovecot. It seems the script is called. but no
> new patterns show up in the bayes DB. Unfortunately, the plugin seems to
> be documented poorly. How does it call the programme it pipes to? Is it
> something like $programme --par1 --par2 < message ? Why can't /
> shouldn't I call sa-learn directly? All the instructions I found on the
> internet contained a wrapper script, but none bothered to explain why
> you would actually need it.
> 
> I would be very grateful, if someone could enlighten me on that...
> 
> Cheers,
> 
> Johannes
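
A debugging wrapper along the lines discussed in this thread, as an added example that is not the poster's script or part of the antispam plugin: it records the UID the plugin runs it under, each argument exactly as received, and sa-learn's exit status, and it spools the message with mktemp instead of a predictable /tmp name. `SA_LEARN`, `LOGFILE` (a placeholder path) and the `learn_pipe` function are assumptions.

```shell
#!/bin/sh
# Debug wrapper for the antispam pipe backend (added example).
# Assumptions: SA_LEARN and LOGFILE can be overridden from the environment;
# the default LOGFILE is a placeholder and must be writable by the mail user.

SA_LEARN="${SA_LEARN:-/usr/bin/sa-learn}"
LOGFILE="${LOGFILE:-/var/log/sa-learn-pipe.log}"

# learn_pipe ARGS... : message on stdin, ARGS as passed by the plugin.
learn_pipe() {
    # Unpredictable, mode 0600 spool file instead of /tmp/sendmail-msg-$$.txt.
    lp_msg=$(mktemp "${TMPDIR:-/tmp}/sa-learn-msg.XXXXXX") || return 75
    cat > "$lp_msg"

    {
        printf '%s pid=%s uid=%s gid=%s bytes=%s args:' \
            "$(date '+%Y-%m-%d %H:%M:%S')" "$$" "$(id -u)" "$(id -g)" \
            "$(wc -c < "$lp_msg" | tr -d ' ')"
        # One bracketed field per argument shows how the plugin split them.
        for lp_a in "$@"; do printf ' [%s]' "$lp_a"; done
        printf '\n'
    } >> "$LOGFILE"

    # "$@" keeps every argument intact; an unquoted $* would re-split them.
    lp_rc=0
    "$SA_LEARN" "$@" "$lp_msg" >> "$LOGFILE" 2>&1 || lp_rc=$?

    printf '%s pid=%s exit=%s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$$" "$lp_rc" >> "$LOGFILE"
    rm -f "$lp_msg"
    # Report sa-learn's own status instead of a fixed "exit 0".
    return "$lp_rc"
}

# The plugin always passes arguments (--spam / --ham ...); with none, for
# example when the file is sourced by a test, nothing runs.
if [ "$#" -gt 0 ]; then
    learn_pipe "$@"
    exit $?
fi
```

Comparing the `uid=` and `args:` fields of a Dovecot-triggered run with those of a manual `sudo -u vmail` run shows whether the two differ in user or in how the arguments were split.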






Re: Dovecot sieve - How to check which username a mail is being delivered to?

2016-02-27 Thread Tom Hendrikx
Hi,

According to RFC https://tools.ietf.org/html/rfc5228#section-5.4

If one of the envelope-part strings is (case insensitive) "to", then
   matching occurs against the TO address used in the SMTP RCPT command
   that resulted in this message getting delivered to this user.  Note
   that only the most recent TO is available, and only the one relevant
   to this user.

So only the envelope recipient for the current delivery is available,
i.e. a single address.

Regards,
Tom

On 27-02-16 10:42, Yannik Sembritzki wrote:
> 
> Hi,
> 
> what happens when an email with multiple recipients (RCPT TO) is
> delivered over lmtp? Will 'envelope "to"' contain multiple recipients in
> this case?
> 
> 
> On 27.02.2016 at 00:53, Tom Hendrikx wrote:
>> On 26-02-16 21:44, Yannik Sembritzki wrote:
>>> Hi everyone,
>>>
>>> I am looking for a way to check which mailbox an email is being
>>> delivered to in a global sieve filter.
>>>
>>> After not being able to find some kind of variable that is populated by
>>> dovecot automatically, I tried to use the `Delivered-To` header.
>>> I tried a check like this:
>>>
>>> header :is "delivered-to" "<u...@domain.org>"
>>>
> 
>> You're probably better off using envelope recipient:
> 
>> envelope :is "to" "recipi...@example.org"
> 
>> Regards,
>> Tom
> 
> 
> 






Re: Dovecot sieve - How to check which username a mail is being delivered to?

2016-02-26 Thread Tom Hendrikx
On 26-02-16 21:44, Yannik Sembritzki wrote:
> Hi everyone,
> 
> I am looking for a way to check which mailbox an email is being
> delivered to in a global sieve filter.
> 
> After not being able to find some kind of variable that is populated by
> dovecot automatically, I tried to use the `Delivered-To` header.
> I tried a check like this:
> 
> header :is "delivered-to" ""
> 

You're probably better off using envelope recipient:

envelope :is "to" "recipi...@example.org"

Regards,
Tom





Re: sieve_extprograms - run any individual script?

2015-09-21 Thread Tom Hendrikx
On 21-09-15 14:34, Hajo Locke wrote:
> Hello,
> 
> I use sieve extension sieve_extprograms to send incoming mail to
> some script. For security reasons it is needed that script-paths
> etc. are registered in dovecot.conf. This is my current
> dovecot.conf
> 
> plugin {
>   sieve = ~/.dovecot.sieve
>   sieve_plugins = sieve_extprograms
>   sieve_extensions = +vnd.dovecot.pipe +vnd.dovecot.filter +vnd.dovecot.execute
>   sieve_pipe_bin_dir = /usr/local/bin/
>   sieve_filter_bin_dir = /usr/local/bin/
> }
> 
> .dovecot.sieve example:
> 
> if address "to" "t...@example.com" { filter "myfilter"; }
> 
> This is all working without problems.
> 
> Is there a possibility to allow users the execution of individual 
> scripts in own homepath? Some people need to pipe mails to scripts
> for immediately processing (some ticketsystems need this). Is there
> a way to make this possible with sieve?

I'd hope that for a ticketing system setup that needs this, the mail
admin is asked to help set up a proper solution. The very design where
the mail admin decides which programs are (safe to) run is based on
security.

If you really want your users to define their own programs to run, you
could create a simple shell script and set it up as an extprogram,
which delivers their mail to procmail. But it's surely the ugliest
workaround I made up this year... ;P

Tom


Re: Sorry, another faq

2015-06-14 Thread Tom Hendrikx
On 12-06-15 13:37, Martin S wrote:
> I've installed a mailserver according to these instructions:
> http://www.server-world.info/en/note?os=CentOS_7p=httpdf=13 When
> I try to login to the server through Roundcube webmail I get
> Connection to storage server failed.
>
> So checking on this
>
> [12-Jun-2015 11:28:53 +]: 6jap13r2 IMAP Error: Login failed
> for martin from 83.251.209.249. Could not connect to
> ssl://myserver:993: Permission denied in
> /usr/share/roundcubemail/program/lib/Roundcube/rcube_imap.php on
> line 198 (POST /roundcubemail/?
>

If this actually is Centos 7, selinux may also be the culprit. Keep an
eye on audit logging when testing too.

> /etc/roundcubemail/config.inc.php
>
> Has the following: $config['default_host'] =
> 'ssl://mail.myserver.tld'; [address obfuscated]
> $config['default_port'] = 993;
>
> as I understand should be correct.
>
> I've been looking at various posts on the net that says the problem
> is a permission on dovecot, but I fail to find anything to how to
> fix this as it looks right to me.
>
> Any suggestions?
>
> /Martin S
>



Re: Dovecot mbox other programs

2015-06-09 Thread Tom Hendrikx
On 09-06-15 15:05, Pali Rohár wrote:
> On Tuesday 09 June 2015 08:44:06 Charles Marcus wrote:
> On 6/9/2015 8:36 AM, Charles Marcus cmar...@media-brokers.com
> wrote:
> On 6/8/2015 5:11 PM, Pali Rohár pali.ro...@gmail.com wrote:
> Still I want read/write access to storage and want to use
> mbox as storage (also for easier backup and copy)...
>
> And my question was how to properly read and write from/to
> mbox files which are used by dovecot.
> There is no method for doing this.
>
> Guess that should have read:
>
> There is no 'proper' or safe way for doing this.
>
>
> Ok, thanks for information!
>
> Anyway I think that for atomic/snapshot read of mbox file should be
> ok (when lock is not acquired by dovecot). Or not?
>
> And which emails in mbox are used only internally by dovecot? Only
> those which have X-IMAPbase header? Or are there any other emails
> which should I ignore when I parse mbox file (for read access)?
>

It's a standard, so you can read up on it:
http://lmgtfy.com/?q=mbox+format+standard




Re: Dovecot mbox other programs

2015-06-08 Thread Tom Hendrikx
On 06-06-15 19:01, Pali Rohár wrote:
> Hello,
>
> I want to use dovecot as imap server with mbox storage format
> (described at [1]) but I also want to access (and modify!) those
> mbox files which are stored on server (and used by dovecot).
>
> What is correct way to read those mboxes? From wiki page [1] I read
> that I should ignore first message in mbox (which contains
> X-IMAPbase header) and mbox file is in mboxcl2 format.
>
> And what is correct way to modify that mbox file (which is used by
> dovecot imap)? I would like to configure mutt on server to
> directly access those mbox mailboxes without need to use imap
> protocol (over localhost). It is possible without any data/message
> damage?

Just out of curiosity: why are you interested in handling the files
manually when dovecot and IMAP protocol can already do that for you?

Even when accessing the files directly from the server, dovecot will
handle possible file correction, access control, file permissions etc
all for you. Using IMAP to localhost with mutt still gives you all of
the above, maybe including other nice IMAP-related benefits such as
FTS etc.

Tom


Re: userdb username change ignored when using (My)SQL was: Re: userdb username changed

2015-04-21 Thread Tom Hendrikx


On 20-04-15 15:09, Péter Márton wrote:
> Hi!
>
> It works when using LDAP.
> I've duplicated the username change debug line, just to see that the
> variables are really updated:
>
> Apr 20 14:30:27 imap21 dovecot: auth-worker(27127): Debug:
> sql(p...@example.net): username changed p...@example.net - uppp
> Apr 20 14:30:27 imap21 dovecot: auth-worker(27127): Debug: sql(uppp):
> username changed uppp - uppp
> Apr 20 14:30:27 imap21 dovecot: auth: Debug: userdb out:
> USER#0111#011...@example.net#011home=/home/ppp#011uid=500#011gid=500#011quota_rule=*:storage=3100b:messages=1024
>
> And the answer is of course yes. Just the userdb out string has the wrong
> value.
> The right value is lost somewhere. But where?

Your messages to this list seem to miss a feature that is very welcome
on this kind of mailing lists: an actual problem or an issue you want to
fix.

When users can login and the username change is intended (as can be
concluded from your comments), then what is the problem you're reporting?

Are you trying to report the fact that the auth debug output has the
wrong username value? If not, what is it you're trying to tell us? :)

>
> Regards,
>
> Peter
>
>
> Log of the (for me unusable) LDAP query:
>
> Apr 20 14:28:07 imap21 dovecot: auth: Debug: master in:
> USER#0111#011m2500j6#011service=doveadm
> Apr 20 14:28:07 imap21 dovecot: auth: Debug: ldap(m2500j6): user
> search: base=ou=Users,ou=Mail,dc=bnet,dc=at scope=subtree
> filter=(uid=m2500j6) fields=mailHost
> Apr 20 14:28:07 imap21 dovecot: auth: Debug: ldap(m2500j6): result:
> mailHost=localhost; mailHost unused
> Apr 20 14:28:07 imap21 dovecot: auth: Debug: ldap(m2500j6): username
> changed m2500j6 - localhost
> Apr 20 14:28:07 imap21 dovecot: auth: Debug: ldap(localhost): username
> changed localhost - localhost
> Apr 20 14:28:07 imap21 dovecot: auth: Debug: ldap(localhost): result:
> mailHost=localhost
> Apr 20 14:28:07 imap21 dovecot: auth: Debug: userdb out:
> USER#0111#011localhost#011
>


Re: Problem connecting to an imap account with Dovecot

2015-03-28 Thread Tom Hendrikx

On 28-03-15 15:39, Laurent Rathle wrote:
 Hello,
 
 I have several accounts on my server. I can’t connect to one of
 them using Apple mail on Mac or IOS to create my account or read my
 mail in these applications. I can send mails to this address and
 read them with my Horde webmail. I have these messages in the log
 :
 
 Mar 28 12:21:49 sd-41648 dovecot: imap-login: Login:
 user=laur...@xx.fr, method=PLAIN, rip=::1, lip=::1,
 mpid=13705, TLS, session=vKWGdFcSXAAB

Login from localhost (rip=::1), probably using horde webmail

 Mar 28 12:21:50 sd-41648 dovecot: service=imap,
 user=laur...@xx.fr, ip=[::1]. Disconnected: Logged out rcvd=26,
 sent=435

Logout from localhost, same same. rcvd and sent data are larger than
zero, seems to work fine.

 Mar 28 12:21:21 sd-41648 postfix/master[31571]: message repeated 4
 times: [ warning: master_wakeup_timer_event: service
 pickup(public/pickup): Connection refused] Mar 28 12:21:52 sd-41648
 postfix/master[31571]: warning: master_wakeup_timer_event: service
 qmgr(public/qmgr): Connection refused

Unrelated to dovecot, but your server seems to have other issues too.

There are no log lines from dovecot that tell us about connections
from remote (i.e. non localhost) hosts. If you can't connect using an
external client, maybe your firewall is still closed, or dovecot is
only listening on localhost?

You should start here: http://wiki.dovecot.org/TestInstallation and
tell where you got stuck (and include the details of the steps you
managed to complete).

 
 I have :
 
 Plesk 12 Ubuntu 14.04.2 Dovecot 2.2.12
 
 You can see my configuration file here :
 http://pastie.org/10059309

No obvious stuff in there other than the qmail references (despite
having postfix running too), but please post `dovecot -n` output
directly in your mail, next time. Thank you ;)

 
 What should I do ?
 
 Thank you
 



Re: Different realm for different listeners?

2015-03-12 Thread Tom Hendrikx

On 10-03-15 18:20, Chris Adams wrote:
 I see this has been asked a few times over the years (but not in
 several years), and the response was along the lines of maybe
 someday, so I figured I'd see if someday was here yet...
 
 I have a need to have a different default realm for different
 listeners. Basically, I've a bunch of different domains, and a few
 of them insist their users not be required to authenticate with
 user@domain and just use user, and I'm trying to make this work
 without separate daemons and/or VMs.
 
 I'll be using Dovecot 2.2 (most likely 2.2.10 as provided by
 RHEL/CentOS 7).
 
 Thanks.  If there's not a way to do this directly in Dovecot, does 
 anybody have any suggestion that doesn't require several different
 VMs?
 

You could drop the default realm completely, and create a second
passdb lookup which uses only the username part to lookup credentials.
This means that, as long as you have no conflicts as usernames
'j...@foo.com' vs 'j...@bar.com', you'd be able to support username
'john'.

When you're able to use the password in your sql WHERE statement [1]
too, you could even work around that, because you'd only have
mismatches when 'j...@foo.com' and 'j...@bar.com' have the same
passphrase.

[1]
http://wiki2.dovecot.org/AuthDatabase/SQL#Password_verification_by_SQL_server

Tom


Re: Prevent a message from be deleted but not from be moved

2014-11-22 Thread Tom Hendrikx

On 22-11-14 02:40, Bruno Galindro da Costa wrote:
 Em 21/11/2014 13:25, Tom Hendrikx t...@whyscream.net escreveu:
 
 On 21-11-14 14:00, Bruno Galindro da Costa wrote:
 Is it possible to prevent a message from be deleted but not
 from be moved to another mailbox via ACL?
 
 I need this because I'm using antispam plugin with the
 mailtrain backend. It calls a script every time a message is
 moved to/from a monitored spam mailbox. But, if the user
 deletes a message from the spam folder, the script is
 executed with the option to train the antispam to consider
 that excluded message as a non spam.
 
 
 Isn't the antispam plugin setting that defines the Trash folder 
 exactly there to mitigate this behaviour? I.e.:
 
 - move from anywhere to spam folder = train as spam - move from
 spam to trash = don't train - move from spam to anywhere else =
 train as ham
 

 How can I do it Tom???

Please don't top-post.

See the manpage for dovecot-antispam that came with your install.

You're looking for the config settings 'antispam_trash' and/or
'antispam_trash_pattern', they should list the names of your Trash
directories.

Tom


Re: Prevent a message from be deleted but not from be moved

2014-11-21 Thread Tom Hendrikx

On 21-11-14 14:00, Bruno Galindro da Costa wrote:
 Is it possible to prevent a message from be deleted but not from be
 moved to another mailbox via ACL?
 
 I need this because I'm using antispam plugin with the mailtrain
 backend. It calls a script every time a message is moved to/from a
 monitored spam mailbox. But, if the user deletes a message from the
 spam folder, the script is executed with the option to train the
 antispam to consider that excluded message as a non spam.
 

Isn't the antispam plugin setting that defines the Trash folder
exactly there to mitigate this behaviour? I.e.:

- move from anywhere to spam folder = train as spam
- move from spam to trash = don't train
- move from spam to anywhere else = train as ham

Regards,
Tom


Re: Using dovecot-lda with sendmail

2014-11-15 Thread Tom Hendrikx

On 15-11-14 00:00, Chris Szilagyi wrote:
 Hello:
 
 I'm trying to get dovecot-lda to work with sendmail on a CentOS 7 
 server.  I've tried following the instructions at the wiki, 
 http://wiki2.dovecot.org/LDA/Sendmail, by adding the lines to 
 /etc/mail/sendmail.mc, recompiling to /etc/mail/sendmail.cf and 
 restarting sendmail -- the process for any sendmail config change. 
 However it is still not working and in the maillog, it shows:
 
 sendmail[31949]: sAEM4GTt031742: to=user@localhost, 
 ctladdr=test@localhost (1000/1000), delay=00:08:31,
 xdelay=00:00:00, mailer=local, pri=210942, dsn=4.0.0,
 stat=Deferred: local mailer (/usr/libexec/dovecot/dovecot-lda)
 exited with EX_TEMPFAIL
 
 I verified that SELinux is not interfering in this case.
 
 I see talk of having sendmail run /usr/libexec/dovecot/dovecot-lda
 as other users, but I see that the file on my system is uid/gid as:
 root/root.
 
 Is there a way to get this working?  Thanks much!
 

It seems that sendmail is running the lda, but the lda has problems
that are reported by exiting with tempfail. You should check the
logging that is emitted by dovecot-lda to find what the problem is.

Ownership of the binary should not be one of them, I think, but show
us logging from dovecot-lda and we can tell you more. 'dovecot -n'
output would also help a lot.

Regards,
Tom


Re: Invoking the spam checker on the sieve script

2014-10-24 Thread Tom Hendrikx



On 24-10-14 01:35, Peter Chiochetti wrote:
 Am 2014-10-23 um 17:11 schrieb Alejandro Exojo:
 
 I moved to IMAP and my filters are server side with sieve, but I
 don't have spam filtering yet.
 
 I understand, that you do not want spamassassin (SA) to check lots
 of messages that are clean anyways.
 
 If you can call SA from sieve, as a condition in an if clause,
 filtering should be no problem, should it?
 
Sieve even has a facility for doing virus/spam filtering:
http://wiki2.dovecot.org/Pigeonhole/Sieve/Examples#Filtering_using_the_spamtest_and_virustest_extensions

But running spamassassin on the MTA level with some whitelist entries
would also work, and is probably a lot easier to set up.

Regards,
Tom


Re: Invoking the spam checker on the sieve script

2014-10-24 Thread Tom Hendrikx

On 24-10-14 11:18, Tom Hendrikx wrote:
 
 
 On 24-10-14 01:35, Peter Chiochetti wrote:
 Am 2014-10-23 um 17:11 schrieb Alejandro Exojo:
 
 I moved to IMAP and my filters are server side with sieve, but
 I don't have spam filtering yet.
 
 I understand, that you do not want spamassassin (SA) to check
 lots of messages that are clean anyways.
 
 If you can call SA from sieve, as a condition in an if clause, 
 filtering should be no problem, should it?
 
 SIeve even has a facility for doing virus/spam filtering: 
 http://wiki2.dovecot.org/Pigeonhole/Sieve/Examples#Filtering_using_the_spamtest_and_virustest_extensions

Never mind, this was only for evaluating the headers added in an
earlier stage, not running the spam classifier itself. You could still
do that on a sieve level using extprograms, but the MTA route is a lot
easier to set up.

I did use extprograms to do automated bayes training as an experiment:
while running 2 spam filters (X and Y), if X thinks it's spam and Y is
unsure, sieve automatically triggers a script that makes Y learn the
message as spam.

Regards,
Tom


Re: dovecot-lda from postfix on remote dovecot server

2014-10-24 Thread Tom Hendrikx

On 24-10-14 12:20, nik600 wrote:
 Dear all
 
 i've got many SMTP front-end that filter the mail and do some
 custom stuff... then when i've decided the final destination i'd
 like to call
 
 /usr/lib/dovecot/dovecot-lda to deliver the mail.
 
 Actually i have in master.cf:
 
 #à dovecot   unix  -   n   n   -
 -   pipe flags=DRhu user=vmail:vmail null_sender= 
 argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -d ${recipient} 
 #à
 
 I'd like to know if is possible to use some other command or some 
 additional parameter to deliver the mail to a remote dovecot
 server.
 

You could enable LMTP on the remote server, and deliver to that. I
don't know how secure that is: do postfix and dovecot both support
lmtp over tls, and does that even matter when hardware is in the same
rack and has dedicated networking?

Or you could install an MTA on the remote server which delivers to
dovecot, and configure postfix to relay the mail to that mta.

Tom


Re: [Dovecot] Disable maildir indexing and dovecot-uidlist on LMTP/LDA delivery

2014-04-02 Thread Tom Hendrikx
On 04/02/2014 12:27 PM, Jouko Nikula wrote:
 Hello all,
 
 Is there a way to use LMTP (or LDA) so that maildir index and
 dovecot-uidlist are not updated?
 
 My setup is such that mail delivery sees user's maildir as write only. This
 setup works well when using postfix for mail delivery, but when I try to
 switch to dovecot LMTP the lmtp process wants to read the dovecot-uidlist
 and fails on insufficient privileges. Is there a way around this without
 exposing the maildir and mail home  for read access?
 
 Regards,
 Jouko Nikula
 

When indexes cannot be updated upon delivery, there is no real benefit
in using dovecot's delivery mechanisms. So you could just simply let
postfix deliver the messages.

Tom


Re: [Dovecot] Connection refused userdb lookup ..dovecot/auth-userdb

2014-03-26 Thread Tom Hendrikx

On 26-03-14 12:01, Charles Marcus wrote:
 On 3/25/2014 4:08 PM, Simon grem...@gmail.com wrote:
 On Wed, Mar 26, 2014 at 12:15 AM, Charles Marcus 
 cmar...@media-brokers.comwrote:
 On 3/24/2014 7:10 PM, Simon grem...@gmail.com wrote:
 Mar 13 09:55:44 vmail1 dovecot: lda: Error: userdb lookup: 
 connect(/usr/local/dovecot/var/run/dovecot/auth-userdb)
 failed: Connection refused
 
 So, your SQL userdb is refusing connections from dovecot...
 
 Fix this...
 
 Thanks Charles, I have looked into this and tried to fix
 permissions but still have the same issue. I have tried changing
 the permissions on the auth-userdb to 0666 (see below) as well as
 setting the permissions of /usr/local/dovecot/var/run/dovecot/ to
 777 just for testing.
 
 You misunderstood...
 
 I didn't say the filesystem permissions were wrong.
 
 Your SQL SERVER is refusing the connection.
 
 The user (vmail) you are using to connect to the SQL server doesn't
 have permission to talk to it.
 
 This needs to be fixed IN THE SQL SERVER ACCESS PERMISSIONS for
 the 'vmail' user.
 

Charles, auth-worker would have logged errors about sql access if that
was an issue. lda doesn't do sql queries by itself, it sends the
queries to the auth socket instead, and that fails.

The socket is not usable, as was already observed upthread by doing
tests as root using socat. I'm still opting for
selinux/apparmor/rsbac/etc issues here.

Simon, are you sure you're not missing any logging on that? I'm not
really experienced in those systems, but every time I run into issues
with them, they sure fill my logs with all kinds of cryptic stuff ;)

Tom
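
The point made in the reply above (the LDA fails at the auth socket itself, before any SQL is involved) can be checked from the errno that connect() returns on the socket path. The following Python sketch is an added example, not part of the thread or of Dovecot; `probe_unix_socket`, `demo` and the temporary socket named `auth-userdb` are constructed for illustration.

```python
import errno
import os
import socket
import stat
import tempfile


def probe_unix_socket(path, timeout=2.0):
    """Connect to a UNIX stream socket and classify the outcome.

    missing            no file at that path
    not-a-socket       path exists but is a regular file, directory, ...
    permission-denied  EACCES/EPERM: file mode, directory search permission
                       or an access-control layer denied the connect
    no-listener        ECONNREFUSED: the socket file exists, but no process
                       is accepting connections on it
    listening          connect succeeded
    """
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return "missing"
    except PermissionError:
        return "permission-denied"
    if not stat.S_ISSOCK(st.st_mode):
        return "not-a-socket"

    client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    client.settimeout(timeout)
    try:
        client.connect(path)
    except OSError as exc:
        if exc.errno == errno.ECONNREFUSED:
            return "no-listener"
        if exc.errno in (errno.EACCES, errno.EPERM):
            return "permission-denied"
        if exc.errno == errno.ENOENT:
            return "missing"
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    else:
        return "listening"
    finally:
        client.close()


def demo():
    """Walk a constructed socket through the states an auth socket can be in."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "auth-userdb")  # constructed name, not a real install
        results["no socket file"] = probe_unix_socket(path)

        server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        server.bind(path)
        results["bound, not listening"] = probe_unix_socket(path)

        server.listen(8)
        results["listening"] = probe_unix_socket(path)

        # Mode 000 blocks an unprivileged client; root bypasses file modes.
        os.chmod(path, 0)
        results["mode 000"] = probe_unix_socket(path)
        os.chmod(path, 0o600)

        # The owning process goes away but the socket file stays on disk.
        server.close()
        results["listener closed, file left behind"] = probe_unix_socket(path)
    return results


if __name__ == "__main__":
    for state, outcome in demo().items():
        print(f"{state:36s} {outcome}")
```

Run against a real socket path, "no-listener" from every account, root included, points at the service that should own the socket rather than at file modes or the SQL backend.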


Re: [Dovecot] Connection refused userdb lookup ..dovecot/auth-userdb

2014-03-24 Thread Tom Hendrikx
On 03/24/2014 04:14 AM, Simon wrote:
 On Sun, Mar 16, 2014 at 9:02 PM, Simon grem...@gmail.com wrote:
 


 On Thursday, March 13, 2014, Steffen Kaiser skdove...@smail.inf.fh-brs.de
 wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 On Thu, 13 Mar 2014, Simon wrote:

  I've taken a look at this and can't quite figure out what is going on
 here. I have tested all the SQL permissions, and also changed the
 unix_listener auth-userdb mode to 0666 (as instructed elsewhere to try and
 solve this issue), but cannot seem to work out what the issue is.


 what happens if you connect to that socket manually, e.g.:

 # sudo -u lda-user socat - UNIX:/usr/local/dovecot/var/
 run/dovecot/auth-userdb
 VERSION 1   1
 SPID1746

 Maybe first try as root, then with the particular users.


 Thanks for the reply! I tried this as root and got the following:

 [root@vmail1 ~]# socat -
 UNIX:/usr/local/dovecot/var/run/dovecot/auth-userdb
 2014/03/16 20:57:05 socat[24404] E connect(3, AF=1
 /usr/local/dovecot/var/run/dovecot/auth-userdb, 48): Connection refused

 Seems a bit weird that I can't connect as root?

 Hi All, I've been googling the crap out of this but still can't seem to make
 it work.. any assistance would be really appreciated thanks! :)
 

Please don't top-post...

Some ideas:

1) Show full output of 'doveconf -n'
2) What do the permissions of the socket look like? Show full output of 'ls
-al /usr/local/dovecot/var/run/dovecot/'
3) Do you use SElinux or some other access control system? Any output in
syslog/kernel logging?

Tom






Re: [Dovecot] Filtering spam in an offlineimap + dovecot setup

2014-02-12 Thread Tom Hendrikx
On 12-02-14 14:03, Alan Schmitt wrote:
 Hello,
 
 To easily access my mail both offline on my computer and on my 
 phone, I am synchronizing a local copy on my computer using 
 offlineimap. As the spam filtering options provided on the server 
 are not sufficient, I am now looking into client-side spam 
 filtering.
 
 My current setup is as follows. Mail is synchronized using 
 offlineimap, and delivered to a local dovecot server:
 
 --8---cut here---start-8--- 
 [Repository LocalIMAP] type = IMAP preauthtunnel = 
 /usr/local/Cellar/dovecot/2.2.10/libexec/dovecot/imap -c 
 ~/.dovecotzimbra.rc --8---cut 
 here---end---8---
 
 The configuration of the local server is simply:
 
 --8---cut here---start-8--- 
 protocols = imap mail_location = 
 maildir:~/.Maildir/zimbra:INBOX=~/.Maildir/zimbra/.INBOX 
 --8---cut here---end---8---
 
 I then read my mail using gnus, and index it using notmuch.
 
 A suggestion I've been considering is use the pigeonhole sieve 
 extprograms plugin 
 (http://wiki2.dovecot.org/Pigeonhole/Sieve/Plugins/Extprograms) to
  call the spam filter (I've been looking at dspam at the moment). 
 However, I could not find how to configure the use of sieves in the
 context of offlineimap. Hence my questions:
 
 Is it possible to use dovecot sieves in such a setting? Is there a
  howto that explains how to do it?

You could simply enable sieve in the dovecot environment. The
offlineimap + dovecot setup you have running already can be left
mostly intact: it has nothing to do with offlineimap.

You could just setup sieve per the dovecot wiki guidelines, and then
create a sieve script that uses the ext_programs plugin to call dspam
(or any other filter that adds headers and is able to print the
message including those added headers to stdout).

I'm not sure if it's necessary to do the delivery to dovecot using
Dovecot's deliver LDA, or that you can keep using the
'...libexec/dovecot/imap' binary for that in order to have sieve
support. Maybe someone else can fill that in.

Regards,
Tom


Re: [Dovecot] dovecot -n FATAL

2014-02-06 Thread Tom Hendrikx
On 02/06/2014 09:29 AM, Phil wrote:
 On 6/02/2014 6:23 PM, Steffen Kaiser wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 On Thu, 6 Feb 2014, Phil wrote:

 Im new to postfix-dovecot

 and Unix/Linux, too?

 Technically yes! Less than 2 years experience running a live server . . .
 
   and im mystified by the following results
 in ubuntu 10.04lts

 :~$ dovecot -n
 # 1.2.9: /etc/dovecot/dovecot.conf
 Error: ssl_key_file: Can't use /etc/ssl/private/ssl-mail.key:
 Permission denied
 Fatal: Invalid configuration in /etc/dovecot/dovecot.conf

looks like a non-root prompt ...


 ~$ sudo ls -dl /etc/ssl/private/ssl-mail.key
 lrwxrwxrwx 1 root root 38 2013-11-27 08:35
 /etc/ssl/private/ssl-mail.key - /etc/ssl/private/ssl-cert-snakeoil.key

using sudo here, so yes...

Since doveconf reads the ssl cert, the user that runs doveconf needs
access to the file too. Try again as root (or using sudo)...

Regards,
Tom





Re: [Dovecot] 'unknown user' using dovecot LDA

2013-12-22 Thread Tom Hendrikx

On 22-12-13 16:43, Charles Marcus wrote:
 Ok, one more issue to resolve.
 
 The old server was still using the postfix/virtual for delivery,
 but the new one is using the dovecot LDA.
 
 Now, when an email generated locally by a cron job is delivered,
 this shows in the log:
 
 2013-12-22T10:29:55-05:00 host postfix/pickup[31400]:
 C67FD90F676B2: uid=0 from=newsrv+rkhun...@example.com 
 2013-12-22T10:29:55-05:00 host postfix/cleanup[22349]:
 C67FD90F676B2: 
 message-id=20131222152955.c67fd90f67...@smtp2.example.com 
 2013-12-22T10:29:55-05:00 host postfix/qmgr[31401]: C67FD90F676B2: 
 from=newsrv+rkhun...@example.com, size=1555, nrcpt=1 (queue
 active) 2013-12-22T10:29:55-05:00 host dovecot:
 auth-worker(22365): passwd(us...@example.com): unknown user

This is an error from the passwd authentication backend, not from the
mysql one you're checking below. Seems that you have 2 auth backends
enabled in dovecot...

 2013-12-22T10:29:55-05:00 host dovecot: lda(us...@example.com): 
 msgid=20131222152955.c67fd90f67...@smtp2.example.com: saved mail
 to INBOX 2013-12-22T10:29:55-05:00 host postfix/pipe[22361]:
 C67FD90F676B2: to=user1+rkhunter-rep...@example.com,
 relay=dovecot, delay=0.06, delays=0.02/0/0/0.04, dsn=2.0.0,
 status=sent (delivered via dovecot service) 
 2013-12-22T10:29:55-05:00 host postfix/qmgr[31401]: C67FD90F676B2:
 removed
 
 The mail was delivered (as the log also clearly shows), but what is
 with the 'unknown user'?
 
 I'm not sure how I can test my maps with dovecot, but testing with 
 postfix shows:
 
 # postmap -q us...@example.com
 mysql:/etc/postfix/maps/mysql/vmm.cf example.com/user1/
 
 Which is correct.
 
 And my dovecot-sql-conf.ext contains:
 
 driver = mysql connect = host=localhost dbname=db_name user=dbuser
 password=password default_pass_scheme = CRYPT password_query = \ 
 SELECT username AS user, password \ FROM mailbox WHERE username =
 '%u' user_query = \ SELECT CONCAT('/var/vmail/', maildir) AS home
 \ FROM mailbox WHERE username = '%u' iterate_query = SELECT
 username AS user FROM mailbox
 
 I confirmed the db info is identical to what postfix is using.
 
 Oh - and in order to make sure that all usernames are lowercased, 
 shouldn't I change '%u' above to '%Lu'?
 
 Appreciate any suggestions on where to go next... thanks
 



Re: [Dovecot] prohibit deletion of Junk folder

2013-11-25 Thread Tom Hendrikx
On 11/25/2013 12:50 PM, Alexandre Ellert wrote:
 Hi,
 
 I have an issue with a sieve_before rule (the script move incoming email to 
 Junk folder when DMARC=fail and policy is quarantine) because one of my user 
 delete his Junk folder :
 
 dovecot: lda(myu...@domain.com): Error: sieve: execution of script 
 /etc/dovecot/sieve_before/01-dmarc-fail.sieve failed, but implicit keep was 
 successful: 1 Time(s)
 dovecot: lda(myu...@domain.com): Error: sieve: 
 msgid=20131124212217.5f346580...@anotherdomain.com: failed to store into 
 mailbox 'Junk': Mailbox doesn't exist: Junk: 1 Time(s)
 
 How can I do to prohibit the deletion of Junk folder by end users ?
 Tell me if you need 'dovecot -n' and thanks for your advices.
 
 Alexandre.
 

Can't you make sieve re-create the folder when it's missing?  Simply set
lda_mailbox_autocreate=yes if you use dovecot LDA, and/or use 'fileinto
:create Junk;' in the sieve script.

Regards,
Tom





Re: [Dovecot] Dovecot 2.2.7/2.2.8 failing to call dspam with antispam

2013-11-25 Thread Tom Hendrikx
On 11/25/2013 01:17 PM, Guillaume Hilt wrote:
 Hello again,
 
 I'm running Gentoo AMD64 2013 with postfix, mysql, dovecot and dspam :
 dovecot 2.2.8 (it was working fine with 2.2.6 after doing a chmod 4511
 on dspam binary), dspam 3.10.2-r1 and dovecot-antispam-2.0_pre20130429
 (recompiled after each dovecot upgrade).
 
 I've set dspam to debug, and mail_debug to yes.
 
 uid 1001 is user vmail (dovecot is running under vmail)
 gid 12 is group mail (vmail is a member, with
 mail,postfix,dspam,dovecot,apache)
 All the necessary users are trusted in dspam configuration.
 
 Here's my plugin settings :
 antispam_verbose_debug = 1
 antispam_debug_target = syslog
 antispam_backend = dspam
 antispam_allow_append_to_spam = NO
 antispam_skip_from_line = NO
 antispam_spam = Spam
 antispam_trash = Trash
 antispam_signature = X-DSPAM-Signature
 antispam_signature_missing = error
 antispam_dspam_binary = /usr/bin/dspam
 antispam_dspam_args = --user;%u;--deliver=;--source=error;--signature=%%s

Configured to use the mail recipient

 antispam_dspam_spam = --class=spam
 antispam_dspam_notspam = --class=innocent
 antispam_dspam_result_header = X-DSPAM-Result
 
 When i'm moving an email to the dspam folder, Thunderbird throw me an
 error : Failed to call dspam (email is dropped in the Spam folder
 anyway, but a copy stay on my INBOX)
 
 == /var/log/mail/mail/log ==
 Nov 25 13:01:04 srv1 dovecot: imap: Debug: Loading modules from
 directory: /usr/lib64/dovecot
 Nov 25 13:01:04 srv1 dovecot: imap: Debug: Module loaded:
 /usr/lib64/dovecot/lib90_antispam_plugin.so
 Nov 25 13:01:04 srv1 dovecot: imap: Debug: Added userdb setting:
 plugin/maildir=shadowprojects.org/ghilt/
 Nov 25 13:01:04 srv1 dovecot: imap(gh...@shadowprojects.org): Debug:
 Effective uid=1001, gid=12, home=/home/vmail/shadowprojects.org/ghilt/
 Nov 25 13:01:04 srv1 dovecot: imap(gh...@shadowprojects.org): Debug:
 Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no,
 list=yes, subscriptions=yes
 location=maildir:/home/vmail/shadowprojects.org/ghilt/.maildir
 Nov 25 13:01:04 srv1 dovecot: imap(gh...@shadowprojects.org): Debug:
 maildir++: root=/home/vmail/shadowprojects.org/ghilt/.maildir, index=,
 indexpvt=, control=,
 inbox=/home/vmail/shadowprojects.org/ghilt/.maildir, alt=
 Nov 25 13:01:04 srv1 dovecot: imap(gh...@shadowprojects.org): Debug:
 Namespace : Using permissions from
 /home/vmail/shadowprojects.org/ghilt/.maildir: mode=0770 gid=default
 Nov 25 13:01:04 srv1 dovecot: imap(gh...@shadowprojects.org): Debug:
 dspam error:29764 prefix=imap(gh...@shadowprojects.org):
 Nov 25 13:01:04 srv1 dovecot: imap(gh...@shadowprojects.org): Debug:
 executing /usr/bin/dspam failed: 13 (uid=1001, gid=12)
 Nov 25 13:01:04 srv1 dovecot: imap: Error:
 Nov 25 13:01:04 srv1 dovecot: imap: Error:
 
 == /var/log/dspam/dspam.debug ==
 9976: [11/25/2013 13:12:23] DSPAM Instance Startup
 9976: [11/25/2013 13:12:23] input args: /usr/bin/dspam --user
 gh...@shadowprojects.org --deliver= --source=error
 --signature=89,52900600118151560172939 --class=spam

Called using the mail recipient

 9976: [11/25/2013 13:12:23] pass-thru args:
 9976: [11/25/2013 13:12:23] processing user gh...@shadowprojects.org
 9976: [11/25/2013 13:12:23] uid = 1001, euid = 0, gid = 12, egid = 12
 9976: [11/25/2013 13:12:23] loading preferences for user
 gh...@shadowprojects.org
 ...
 9976: [11/25/2013 13:06:08] DSPAM Instance Shutdown.  Exit Code: 99
 9976: [11/25/2013 13:06:08] process_users() failed on error 9
 
 If i try to call dspam like this, it works :
 sudo -u vmail /usr/bin/dspam --source=error --class=spam
 --signature=4be87a9f953248352114216 --client --user vmail

Called spam using some other user.

 
 Any idea ?
 

The user ghilt@... is not recognized in your dspam setup. You should
change the antispam config to use a static username, or make dspam
accept your recipient addresses.


Regards,
Tom


Re: [Dovecot] Dovecot 2.2.7/2.2.8 failing to call dspam with antispam

2013-11-25 Thread Tom Hendrikx
On 11/25/2013 01:47 PM, Guillaume Hilt wrote:
 It works, there was just a mistake in my command line :
 
 $ sudo -u vmail /usr/bin/dspam --source=error --class=spam
 --signature=89,52900600118151560172939 --client --user
 gh...@shadowprojects.org
 
 ...
 16004: [11/25/2013 13:43:46] destroying/freeing configuration
 16004: [11/25/2013 13:43:46] match attribute 'Broken' with value
 'returnCodes'
 16004: [11/25/2013 13:43:46] find attribute 'Broken'
 16004: [11/25/2013 13:43:46]  - found attribute 'Broken' with value
 'returnCodes'
 16004: [11/25/2013 13:43:46]  - matched attribute 'Broken' with value
 'returnCodes'
 16004: [11/25/2013 13:43:46] DSPAM Instance Shutdown.  Exit Code: 99
 16004: [11/25/2013 13:43:46] SEND: 250 2.6.0 gh...@apteo.com Message
 accepted for delivery: SPAM
 16004: [11/25/2013 13:43:46] checking trusted user list for root(0)
 16004: [11/25/2013 13:43:46] SRECV: QUIT
 
 The user ghilt@ exists in mysql dspam_virtual_uids table.
 

The test is still different: dovecot config doesn't use '--client', but
commandline does. Also: the debug log for dspam shows a different
username than you are passing in.

Anyway: DSPAM is simply returning an error which is why the antispam
plugin reports failure. You're having a DSPAM config issue, not a
dovecot/antispam issue.

   Guillaume Hilt
 
 On 25/11/2013 13:39, Tom Hendrikx wrote:
 On 11/25/2013 01:17 PM, Guillaume Hilt wrote:
  Hello again,

 I'm running Gentoo AMD64 2013 with postfix, mysql, dovecot and dspam :
 dovecot 2.2.8 (it was working fine with 2.2.6 after doing a chmod 4511
 on dspam binary), dspam 3.10.2-r1 and dovecot-antispam-2.0_pre20130429
 (recompiled after each dovecot upgrade).

 I've set dspam to debug, and mail_debug to yes.

 uid 1001 is user vmail (dovecot is running under vmail)
 gid 12 is group mail (vmail is a member, with
 mail,postfix,dspam,dovecot,apache)
 All the necessary users are trusted in dspam configuration.

 Here's my plugin settings :
 antispam_verbose_debug = 1
 antispam_debug_target = syslog
 antispam_backend = dspam
 antispam_allow_append_to_spam = NO
 antispam_skip_from_line = NO
 antispam_spam = Spam
 antispam_trash = Trash
 antispam_signature = X-DSPAM-Signature
 antispam_signature_missing = error
 antispam_dspam_binary = /usr/bin/dspam
 antispam_dspam_args =
 --user;%u;--deliver=;--source=error;--signature=%%s
 Configured to use the mail recipient

 antispam_dspam_spam = --class=spam
 antispam_dspam_notspam = --class=innocent
 antispam_dspam_result_header = X-DSPAM-Result

 When I'm moving an email to the dspam folder, Thunderbird throws me an
 error : Failed to call dspam (email is dropped in the Spam folder
 anyway, but a copy stays on my INBOX)

 == /var/log/mail/mail/log ==
 Nov 25 13:01:04 srv1 dovecot: imap: Debug: Loading modules from
 directory: /usr/lib64/dovecot
 Nov 25 13:01:04 srv1 dovecot: imap: Debug: Module loaded:
 /usr/lib64/dovecot/lib90_antispam_plugin.so
 Nov 25 13:01:04 srv1 dovecot: imap: Debug: Added userdb setting:
 plugin/maildir=shadowprojects.org/ghilt/
 Nov 25 13:01:04 srv1 dovecot: imap(gh...@shadowprojects.org): Debug:
 Effective uid=1001, gid=12, home=/home/vmail/shadowprojects.org/ghilt/
 Nov 25 13:01:04 srv1 dovecot: imap(gh...@shadowprojects.org): Debug:
 Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no,
 list=yes, subscriptions=yes
 location=maildir:/home/vmail/shadowprojects.org/ghilt/.maildir
 Nov 25 13:01:04 srv1 dovecot: imap(gh...@shadowprojects.org): Debug:
 maildir++: root=/home/vmail/shadowprojects.org/ghilt/.maildir, index=,
 indexpvt=, control=,
 inbox=/home/vmail/shadowprojects.org/ghilt/.maildir, alt=
 Nov 25 13:01:04 srv1 dovecot: imap(gh...@shadowprojects.org): Debug:
 Namespace : Using permissions from
 /home/vmail/shadowprojects.org/ghilt/.maildir: mode=0770 gid=default
 Nov 25 13:01:04 srv1 dovecot: imap(gh...@shadowprojects.org): Debug:
 dspam error:29764 prefix=imap(gh...@shadowprojects.org):
 Nov 25 13:01:04 srv1 dovecot: imap(gh...@shadowprojects.org): Debug:
 executing /usr/bin/dspam failed: 13 (uid=1001, gid=12)
 Nov 25 13:01:04 srv1 dovecot: imap: Error:
 Nov 25 13:01:04 srv1 dovecot: imap: Error:

 == /var/log/dspam/dspam.debug ==
 9976: [11/25/2013 13:12:23] DSPAM Instance Startup
 9976: [11/25/2013 13:12:23] input args: /usr/bin/dspam --user
 gh...@shadowprojects.org --deliver= --source=error
 --signature=89,52900600118151560172939 --class=spam
 Called using the mail recipient

 9976: [11/25/2013 13:12:23] pass-thru args:
 9976: [11/25/2013 13:12:23] processing user gh...@shadowprojects.org
 9976: [11/25/2013 13:12:23] uid = 1001, euid = 0, gid = 12, egid = 12
 9976: [11/25/2013 13:12:23] loading preferences for user
 gh...@shadowprojects.org
 ...
 9976: [11/25/2013 13:06:08] DSPAM Instance Shutdown.  Exit Code: 99
 9976: [11/25/2013 13:06:08] process_users() failed on error 9

 If i try to call dspam like this, it works :
 sudo -u vmail /usr/bin/dspam --source=error --class=spam
 --signature=4be87a9f953248352114216

Re: [Dovecot] Mail filters in incoming message

2013-11-19 Thread Tom Hendrikx

On 19-11-13 11:30, Jos Chrispijn wrote:
 With my iMap client, I use various mail rules to move specific
 email to the right mail folders. Downside of that is that if this
 mailclient is not online, all email is stuck in my inbox, which
 makes reading email by mobile phone kind of chaotic.
 
 I have seen several Pigeonhole Sieve examples, but I would like to
 know if there is a nub solution (I am not a programmer) to run
 filters when they enter my mail server (Postfix 2.10.2,1 icw
 Dovecot 1.2.17) or if there is a user friendly GUI available to set
 these filters? Perhaps Anyone interested to create such a GUI?
 

There are several guis implemented in webmail applications, f.i.
roundcube and modoboa. I'm not aware of standalone sieve guis, but I
never searched for them. The webmail stuff should work fine when you
want to do simple sieve stuff, but if you want to use the awesome
stuff, you'll have to learn the sieve language ;)

Sieve is no programming language, and quite clear about which commands
do what: when you get a feel for it, you can read a script and tell
directly what it does.

You could just start with a gui and learn from that. I find the error
messages in the Thunderbird Sieve plugin very useful when writing new
rules.

Regards,
Tom


Re: [Dovecot] Dovecot MTA

2013-11-11 Thread Tom Hendrikx
On 11/11/2013 01:59 PM, Timo Sirainen wrote:
 On 11.11.2013, at 13.29, Charles Marcus cmar...@media-brokers.com
 wrote:
 
 On 2013-11-10 4:46 PM, Reindl Harald h.rei...@thelounge.net
 wrote:
 maybe the 1.0 wiki should be deleted if that helps even you to
 understand that 1.x is EOL long time ago? there where 2.0 and 2.1
 and so who do you think is wasting it's time supporting *four
 major releases*?
 
 Well, it would probably be a good thing to add a major, impossible
 to miss disclaimer on all wiki1 pages that the 1.x series is no
 longer supported...
 
 Wietse did the same thing for old/obsolete postfix pages way back
 (I remember when it came up on the mail list) by adding a
 watermark/background to all old/obsolete pages... here is an
 example:
 
 http://www.postfix.org/spam.html
 
 That’s also been my plan, but for a long time I didn’t do it because
 Debian was still using Dovecot v1.x. But yeah, now’s a good time.
 Added.
 

In addition to this, it could be a nice idea to move all dovecot 1.x
content to the wiki1.dovecot.org subdomain. Searches for 'dovecot
generic feature' in google are persistently showing wiki.dovecot.org
as top hits, and the wiki2 contents with lower priority. That surely
doesn't help beginners...

For example: https://www.google.nl/search?q=dovecot+lda

Regards,
Tom





Re: [Dovecot] pigeonhole sources no more available

2013-10-29 Thread Tom Hendrikx

Hi,

The physical address details on both sites look the same, and the
domains share the rename-it dns infra. I guess Stephan simply screwed up
his vhost config...

See google cache for old site:

http://webcache.googleusercontent.com/search?q=cache:0A6QBfSIBDUJ:www.rename-it.nl/index.php%3Foption%3Dcom_content%26view%3Darticle%26id%3D4%26Itemid%3D4+cd=2hl=enct=clnkgl=nlclient=ubuntu


Regards,
Tom

On 10/29/2013 04:49 AM, Noel Butler wrote:
 u someone doesnt use DNSSEC... its been hijacked me thinks
 
 http://www. medicalbits.  nl/    really?  :)
 
 
 On Tue, 2013-10-29 at 14:05 +1100, m...@electronico.nc wrote:
 
 Hi all,
 Please excuse me for this message but I can't find the pigeonhole 
 sources available anymore.
 This page : http://pigeonhole.dovecot.org/download.html
 Points to (for latest sources) : 
 http://www.rename-it.nl/dovecot/2.2/dovecot-2.2-pigeonhole-0.4.2.tar.gz
 And it seems that : www.rename-it.nl
 is now : http://www.medicalbits.nl
 So we get 404 error ...
 Could someone point us the to right URL and, maybe, update 
 pigeonhole.dovecot.org ?
 Thanks in advance for your time.
 Nicolas
 
 
 






Re: [Dovecot] Problem with dovecot-lda

2013-10-29 Thread Tom Hendrikx
On 29-10-13 22:00, Wolfgang Ganzert wrote:
 Hello Ladies and Gentlemen,
 
 first of all I have to say that dovecot is really impressive. It seems to be a
 very good IMAP server and has in general a good documentation.
 
 I'm a beginner regarding the administration so please excuse if my questions 
 sound silly but I want to learn to administrate these sophisticated things.
 
 Now here's my configuration:
 Linux openSuSE 12.1
 Postfix 2.8.8
 Dovecot 2.0.16
 
 Boundary condition:
 Postfix as smtp (Postfix is configured as relay server; mail is sent to 
 smtp.web.de if mail is not locally distributed)
 Dovecot  as IMAP server in my private network (192.168)
 
 Situation:
 I want to store outgoing mail which is sent by postfix also in a SENT folder
 in Dovecot. The SENT folder is available and created through the plugin
 autocreate. The main.cf file from postfix contains the following mailbox
 command:
 
 mailbox_command = /usr/lib/dovecot/dovecot-lda -f $SENDER -a $RECIPIENT -m SENT
 
 If I send a simple mail from the shell with the following command
 
 echo "Hello me" | mail -s "Dovecot test 50, shell nach SENT" $USER
 
 the mail is sent to my mailbox and stored in the folder SENT as unread.
 
 Problem:
 1.
 I would expect to have two mails coming in; one in my SENT folder because
 this is copy of the mail and another one which is the incoming folder because 
 the mail was sent to me. But, there is no mail in the incoming folder.
 2.
 If I use a mail client like kmail2 the same thing happens. The mail is 
 distributed to the SENT folder but there's no copy in the incoming folder.
 3.
 If I send a mail to my address at @web.de with the postfix configuration from
 above I do not receive the mail at web.de.
 4.
 If I send a mail to my address at @web.de with a postfix simplified mailbox
 command NOT containing the mailbox with -m, then mail is sent to web.de and
 there I receive it in the incoming box. This is the simplified command:
 mailbox_command = /usr/lib/dovecot/dovecot-lda -f $SENDER -a $RECIPIENT
 
 Summary:
 All examples from above show that I do not get a COPY of the outgoing mail in 
 my SENT folder but it's the REAL mail. 
 
You are correct ;)

You need 2 copies of the e-mail: one that is delivered to the recipient
(on- or offsite), and one copy needs to go in your sent folder. To fix
it, you could bcc yourself and store the bcc in the sent folder.

Postfix can do that using always_bcc / recipient_bcc_maps. You should
generate that only for the non IMAP sent e-mails (no idea on how to
detect that), and then send that copy to dovecot-lda.

When you generate the bcc using recipient delimiter syntax
(account+s...@domain.tld), sieve is easily configurable to deliver to
your sent folder.

So generally speaking, you have a Postfix problem to solve. The dovecot
part is really easy :)

Regards,
Tom



Re: [Dovecot] Empty Mails from MAILER-DAEMON with Dovecot-Antispam and DSPAM

2013-10-26 Thread Tom Hendrikx

On 24-10-13 09:59, Anna Christina Naß wrote:
 Hello,
 
 I've installed the dovecot-Antispam extension to my dovecot IMAP 
 installation in conjunction with DSPAM.
 
 But when moving Mails from e.g. INBOX to Spam or vice versa, empty
 mails from MAILER-DAEMON appear after the original mail has been
 moved. This happens using Thunderbird 17esr, K-9 Mail on Android
 and Apple Mail (Mountain Lion). (Perhaps also when using a Webmail
 IMAP client)
 
 The source from one of these empty mails looks like this:
 
 snip
 Return-Path: MAILER-DAEMON
 X-Original-To: acn
 Delivered-To: a...@mydomain.name
 Received: from localhost (localhost.localdomain [127.0.0.1])
     by my host name (Postfix) with SMTP id CB81B140011
     for acn; Thu, 24 Oct 2013 09:23:33 +0200 (CEST)
 X-DSPAM-Reclassified: Spam
 Message-Id: 20131024072333.CB81B140011@my host name
 Date: Thu, 24 Oct 2013 09:23:33 +0200 (CEST)
 From: MAILER-DAEMON
 /snip
 
 Do you have any idea why these mails appear and how I can prevent
 it?
 
snip

 # 2.1.7: /etc/dovecot/dovecot.conf
 # OS: Linux 3.2.0-4-686-pae i686 Debian 7.2 ext4
 auth_cache_size = 1 M
 auth_mechanisms = plain login
 auth_worker_max_count = 5
 listen = *, [::]
 log_timestamp = %Y-%m-%d %H:%M:%S
 mail_location = maildir:/var/vmail/%u/Maildir
 mail_privileged_group = mail
 mailbox_idle_check_interval = 15 secs
 managesieve_notify_capability = mailto
 managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave imapflags notify
 passdb {
   args = /etc/dovecot/ldap-passdb.conf.ext
   driver = ldap
 }
 plugin {
   antispam_allow_append_to_spam = no
   antispam_backend = dspam
   antispam_dspam_args = --user;%Lu;--deliver=spam,innocent;--source=error

You're telling DSPAM to re-deliver e-mail after retraining. You don't
want that, as you already received the e-mail. You only want DSPAM to
re-learn the message, so try something like:

antispam_dspam_args = --user;%Lu;--deliver=;--source=error


   antispam_dspam_binary = /usr/bin/dspamc
   antispam_dspam_notspam = --class=innocent
   antispam_dspam_spam = --class=spam
   antispam_signature = X-DSPAM-Signature
   antispam_signature_missing = move
   antispam_spam = Spam;Junk
   antispam_trash = Trash;Deleted Items;Deleted Messages

snip

Kind regards,
Tom
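
Added example, not part of the original thread and not the antispam plugin's code: a simplified Python model of how the antispam_dspam_args values quoted in the DSPAM threads above become a dspam command line, with a check for the two points Tom raises (a non-empty --deliver, and a per-recipient --user that DSPAM has to know). The expansion rules, the function names, the user Alice@Example.org and the signature value are assumptions made for illustration.

```python
import re

# antispam_dspam_args values copied from the posts above.
ARGS_RECIPIENT = "--user;%u;--deliver=;--source=error;--signature=%%s"
ARGS_REDELIVER = "--user;%Lu;--deliver=spam,innocent;--source=error"
ARGS_STATIC = "--user;mail;--deliver=;--source=error;--signature=%%s"

# Assumed subset of Dovecot variables: %u, %n, %d with optional L/U modifier,
# and %% for a literal percent sign.
_VAR = re.compile(r"%(%|[LU]?[und])")


def expand_dovecot_vars(text, user):
    """Expand the variable subset above for one login name."""
    local, _, domain = user.partition("@")
    values = {"u": user, "n": local, "d": domain}

    def repl(match):
        token = match.group(1)
        if token == "%":
            return "%"
        value = values[token[-1]]
        if token[0] == "L":
            return value.lower()
        if token[0] == "U":
            return value.upper()
        return value

    return _VAR.sub(repl, text)


def build_argv(binary, args_setting, class_arg, user, signature):
    """Model the command line: ';' separates arguments, %s is the signature."""
    argv = [binary]
    for arg in args_setting.split(";"):
        arg = expand_dovecot_vars(arg, user)      # %%s becomes %s here
        argv.append(arg.replace("%s", signature))  # assumed plugin step
    argv.append(class_arg)
    return argv


def review_args(args_setting):
    """Report whether retraining redelivers mail and how --user is chosen."""
    args = args_setting.split(";")
    deliver = [a[len("--deliver="):] for a in args if a.startswith("--deliver=")]
    user_mode = "none"
    if "--user" in args[:-1]:
        value = args[args.index("--user") + 1]
        # A variable means DSPAM is called with each login name, so every
        # such name has to exist on the DSPAM side.
        has_var = _VAR.search(value.replace("%%", ""))
        user_mode = "per-recipient" if has_var else "static"
    return {
        "redelivers": any(deliver),  # non-empty --deliver re-sends the mail
        "deliver": deliver[-1] if deliver else None,
        "user_mode": user_mode,
    }


if __name__ == "__main__":
    for name, setting in [("recipient", ARGS_RECIPIENT),
                          ("redeliver", ARGS_REDELIVER),
                          ("static", ARGS_STATIC)]:
        argv = build_argv("/usr/bin/dspam", setting, "--class=spam",
                          "Alice@Example.org", "12,abc")  # constructed values
        print(name, review_args(setting))
        print("  ", " ".join(argv))
```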


Re: [Dovecot] Dovecot and CAPITALISATION = grrrr ;-(

2013-09-18 Thread Tom Hendrikx
On 09/18/2013 09:43 AM, Ben wrote:
 Hello,
 
 As far as I'm aware, email is case insensitive ?
 
 Dovecot however, seems to be taking offence at the fact that someone is
 sending mail to u...@somedomain.xyz.
 
 Postfix has no issues handling it, it's when it gets passed over to
 Dovecot LMTP that I get log lines such as :
 
 Sep 17 13:48:22 ukc-vm02-mx01 dovecot: auth:
 passwd-file(u...@somedomain.xyz): unknown user

This is an IMAP username that seems to be formatted similar to an e-mail
address because your setup is built like that.
Usernames (IMAP or otherwise) and passwords are not part of any email
spec, but checking them case-sensitive sounds like a good idea in general.

You should make sure that the username string used by dovecot-auth is
formatted according to what your setup dictates (i.e. probably all
lowercase). Probably you need something along the lines of:

userdb {
  driver = passwd-file
  args = username_format=%Lu /path/to/file
}

See http://wiki2.dovecot.org/AuthDatabase/PasswdFile and
http://wiki2.dovecot.org/Variables

Regards,
Tom





Re: [Dovecot] dovecot is working, sort of

2013-08-15 Thread Tom Hendrikx
On 08/15/2013 07:13 AM, LuKreme wrote:
 I have dovecot setup and authenticating away for local users, but
 when I try to add MySQL users from postfix admin, not only does that
 fail, but all authentication fails.
 
snip
 and I get the following errors for *ALL* attempts to connect, not
 just sql ones:
snip
 mail dovecot: auth: Fatal: mysql: Missing value in connect string: password-dovecot
 mail dovecot: master: Error: service(auth): command startup failed, throttling for 60 secs
snip
 
 The dovecot-sql.conf.ext file is:
 $ cat /etc/dovecot/dovecot-sql.conf.ext
 driver =  mysql
 connect = host=localhost dbname=postfix user=dovecot password-dovecot

I see a typo there, and the error message is referring to it. Maybe try
password=dovecot?

The reason that all authentications fail (also the non sql ones), is
because the auth process (that handles all authentications) dies because
of the typo.

Tom





Re: [Dovecot] Dovecot 2.1.7-7 only allow localhost access to IMAP and POP3

2013-05-29 Thread Tom Hendrikx
On 05/29/2013 01:13 PM, Reindl Harald wrote:
 
 On 29.05.2013 12:41, Torben Schou Jensen wrote:
 I can read how to setup older version of dovecot with SquirrelMail.

 They recommend to use uncrypted IMAP when SquirrelMail is on same server.

 What I would like to support is then imap, imaps, pop3 and pop3s.

 imaps and pop3s for external users.
 imap and pop3 only open for localhost, that is SquirrelMail on same machine.

 With dovecot 1 you could restrict access using
 imap_listen = localhost

 How do I make the same restriction with localhost on dovecot 2 ???
 
 if it listens only on localhost how should imaps and pop3s for external
 users work and additionally these days STARTTLS is recommended which
 works on the default ports 110/143
 
 why do you not simply *offer* encryption *or* use webmail also
 with encryption?
 

You should use imap with starttls (disable_plaintext_auth=yes) for the
imap service, then use login_trusted_networks=127.0.0.1/8 to allow
webmail logins from localhost without ssl. Webmail doesn't use pop3, so
no changes there.

If you insist on using imaps and/or pop3s, then these can live alongside
the above without problems.

--
Tom
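
Added example, not part of the original thread and not Dovecot code: a simplified Python model of the decision these settings produce, following Dovecot's documented behaviour that disable_plaintext_auth=yes is not applied to TLS connections, to connections whose remote IP equals the local IP, or to login_trusted_networks. The function names and the sample addresses are constructed for illustration; the last helper lists trusted networks where cleartext credentials would leave the host.

```python
import ipaddress


def parse_trusted_networks(setting):
    """Parse a space-separated login_trusted_networks value."""
    # strict=False accepts 127.0.0.1/8 as written in the post (host bits set).
    return [ipaddress.ip_network(item, strict=False) for item in setting.split()]


def plaintext_auth_allowed(remote_ip, local_ip, tls_active,
                           disable_plaintext_auth=True,
                           login_trusted_networks=""):
    """Return (allowed, reason) for a plaintext LOGIN / AUTH PLAIN attempt."""
    if not disable_plaintext_auth:
        return True, "disable_plaintext_auth=no"
    if tls_active:
        return True, "TLS active"
    remote = ipaddress.ip_address(remote_ip)
    if remote == ipaddress.ip_address(local_ip):
        return True, "remote IP equals local IP"
    for net in parse_trusted_networks(login_trusted_networks):
        if remote in net:  # False when address families differ
            return True, "trusted network %s" % net
    return False, "plaintext refused without TLS"


def non_loopback_trusted(setting):
    """Trusted networks where an unencrypted password would cross a wire."""
    return [str(net) for net in parse_trusted_networks(setting)
            if not net.is_loopback]


if __name__ == "__main__":
    trusted = "127.0.0.1/8"          # value from the post
    server = "192.0.2.10"            # constructed server address
    cases = [
        ("webmail on localhost", "127.0.0.1", "127.0.0.1", False),
        ("external, no TLS", "203.0.113.7", server, False),
        ("external, STARTTLS done", "203.0.113.7", server, True),
    ]
    for label, remote, local, tls in cases:
        print(label, plaintext_auth_allowed(remote, local, tls, True, trusted))
    print("review:", non_loopback_trusted("127.0.0.1/8 10.0.0.0/8"))
```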





Re: [Dovecot] Idea: POP3 deletion as a flag

2013-05-03 Thread Tom Hendrikx
On 03-05-13 18:49, lst_ho...@kwsoft.de wrote:
 
 Quoting Timo Sirainen t...@iki.fi:
 
 GMail doesn't delete mails when POP3 client issues a DELE command for
 it. Instead they just become invisible for future POP3 sessions, but
 they still exist for IMAP/webmail. The same could be implemented
 pretty easily for Dovecot:

  - Add a new setting to enable this: pop3_deleted_flag = $POP3Deleted
  - When DELEting a message, add this flag to the message.
  - When listing messages, skip all messages that have this flag.
  - Also hide this flag from IMAP clients(?)

 Thoughts? Probably 20 lines of new code.
 
 Hmm, this would lead to ever-increasing mailboxes for POP3 only users.
 What about this
 
 - Use some setting to express that POP3 deleted mail should be IMAP
 mark-as-deleted

This conflicts with (many) IMAP user agents that don't use
mark-as-deleted but have some version of 'move to trash folder' instead.
I do agree that it's probably the Right Way (tm) :)

 - Skip messages marked as deleted with POP3, maybe even as default?
 
 With this on IMAP access you clearly see what is going on. Also if you
 delete Messages by IMAP they won't get downloaded by POP3. This would
 also fit with mail providers doing an IMAP expunge/purge on a fixed
 timebase.

Kind regards,
Tom



Re: [Dovecot] dovecot antispam plugin is not woking

2013-04-30 Thread Tom Hendrikx
On 30-04-13 17:14, Eugene Paskevich wrote:
 On Tue, 30 Apr 2013 15:56:19 +0300, Ravi Kanchan
 ravi_kanchan2...@yahoo.com wrote:
 
 thank you for your valuable response


 I have changed the configuration as per your suggestion.
 
 Try putting it this way:
 
 plugin {
   antispam_spam = Spam
   antispam_allow_append_to_spam = YES
   antispam_backend = dspam
   antispam_dspam_args =
 --client;--user;vmail;--source=error;--signature=%%s
   antispam_dspam_result_header = X-DSPAM-Result
   antispam_signature = X-DSPAM-Signature
 }
 

I run dovecot, dspam and antispam plugin on dovecot 2.1.16 with:

plugin {
  antispam_backend = dspam
  antispam_dspam_args =
--user;mail;--deliver=;--source=error;--signature=%%s
  antispam_dspam_binary = /usr/bin/dspamc
  antispam_dspam_notspam = --class=innocent
  antispam_dspam_spam = --class=spam
  antispam_signature = X-DSPAM-Signature
  antispam_signature_missing = move
  antispam_spam_pattern_ignorecase = Junk;Junk.*
  antispam_trash_pattern_ignorecase = Trash;Deleted Items;Deleted Messages
}

And it works great :)

--
Tom


Re: [Dovecot] Ubuntu-12.04 packages for latest Dovecot release

2013-02-22 Thread Tom Hendrikx
On 22-02-13 15:13, 3.lis...@adminlinux.com.br wrote:
 Hi,
 
 Does anyone here know a trusted package repository for Ubuntu LTS which
 has always the latest version of Dovecot?
 Thanks !
 

http://wiki2.dovecot.org/PrebuiltBinaries


Re: [Dovecot] Ubuntu-12.04 packages for latest Dovecot release

2013-02-22 Thread Tom Hendrikx
On 22-02-13 17:01, 3.lis...@adminlinux.com.br wrote:
 Thank you Tom Hendrikx!
 
 But with the newest version package for Ubuntu Precise is 2.0.19.
 I would like to use the Dovecot version 2.1.15. I think I will have to
 generate my own packages ... :-\
 

Or use 2.1 packages made by Stephan Bosch, as documented on that page...


Re: [Dovecot] dovecot and avahi

2013-01-01 Thread Tom Hendrikx
On 01-01-13 17:13, Reindl Harald wrote:
 
 
 On 01.01.2013 17:07, Robert Moskowitz wrote:
 I am trying to figure out if I need avahi on my mail server.  I see that 
 POP3 and IMAP are services that Avahi can
 advertise/discover. Does Dovecot work with Avahi and how do you get POP3 and 
 IMAP advertised?

 And perhaps more importantly, what clients look for mail services this way?
 
 avahi does NOT get routed to internet
 
 since most clients are not in the private network why would
 someone advertise mail-services via avahi?
 

If you want to advertise your mail config for easy setup over the
internet, take a look at: http://www.automx.org/

--
Tom





Re: [Dovecot] dovecot and avahi

2013-01-01 Thread Tom Hendrikx
On 01-01-13 18:01, Ben Morrow wrote:
 At  5PM +0100 on  1/01/13 you (Tom Hendrikx) wrote:

 If you want to advertise your mail config for easy setup over the
 internet, take a look at: http://www.automx.org/
 
 I thought most gooey mail clients supported RFC 6186 nowadays?
 
 Ben
 

As you can see from their docs, it supports a lot more than what you can
put in SRV DNS records AFAIK. I don't use either of the solutions
actively, and don't support any client setups so I don't really know
what is currently available in clients, and needed or superior on server
side.

--
Tom


Re: [Dovecot] IPhone wont delete IMAP messages from dovecot mailbox

2012-11-13 Thread Tom Hendrikx
On 11/13/12 4:21 PM, Willie Gillespie wrote:
 On 11/13/2012 07:44 AM, ti...@tibby.hu wrote:
 But on Iphone, when I add a mail user, got the mailbox synced with IMAP
 I can see the INBOX, but when I delete a message, get this error:
 Unable to Move Message The message could not be moved to the mailbox
 Trash.
 
 Do you have a mailbox named Trash?  Do the other clients move the
 message to Trash as well?

Instead of sending us the message from the iPhone, tell us what dovecot
puts in its logfile when you try this.

--
Tom


Re: [Dovecot] sieve

2012-11-06 Thread Tom Hendrikx
On 11/6/12 8:59 AM, Christian Rößner wrote:
 Hi,
 
 is there a sieve option that can reject a mail directly without
 creating a new mail and sending that out? I know about
 
 reject "Reject message goes here";
 
 but I am looking for a mechanism that can reject Mail. Postfix can
 use reject_unverified_recipient to connect to LMTP and ask if a mail
 would successfully be enqueued and will return the status gotten from
 the LMTP server if not. Chances are high that the mechanism would
 work, too, if Dovecot would know about the sieve rule, while getting
 a connection on LMTP. Does Dovecot know all rules at this point or is
 sieve handled after the mail has already been accepted?
 

I have no idea if your above idea would actually work, but having
followed your questions on the postfix ml and your interests in using
reject_unverified_recipient and its cache with lmtp, it would be very
unwise to cache deliverability on the postfix side based on sieve
results, since sieve is able to reject/bounce on any part of the message
including message body contents and such.

This could lead to very unpredictable rejects to unrelated messages,
since the cache could obtain reject policies from sieve for a recipient
based on a single rejected message containing the word 'insert spammy
term here'.

--
Tom


Re: [Dovecot] Changing password for users

2012-10-26 Thread Tom Hendrikx
On 26-10-12 20:47, Mike John wrote:
 On 2012-10-26 01:17, Mike John wrote:
 
 Hello, I am using dovecot (2.0.9) and using virtual users using passdb
 { args = /etc/dovecot/dovecotpasswd driver = passwd-file } How can i
 make my virtual users change their passwords using web interface ? My
 users already uses squirrelmail to access their mail. is there a
 program to add to squirrelmail to add this function to the clients ? or
 should i user different separate website for password changing ? and
 what program/tool can help me with this ? Any ideas is greatly
 appreciated. Mike. Mike,

 I don't know about forcing users to change their passwords however with
 Squirrelmail there are several password change plugins available that
 use poppasswd to actually c ssword. Of course poppasswd will
 probably need to be modified to go
 against your password data base, in my case it simply uses PAM. The
 version I sion 1.8.5. Oh you probably want to restrict access to the
 port from
 the local host only since pas
 ansmitted in clear

 quot
 eJeff

 I know about poppassd , but it works only for /etc/passwd ,
 /etc/shadow, but my dovecot virtual users password files
 are in different location and i do not know how to modify poppassd, any
 idea how can i do that? and is there another way other than poppassd?
 
 i have googled every where, i can not find how to modify poppassd to
 modify virtual users passwords at /etc/dovecot/passwords
 , Is there any other way ? i am sure that some one in this mailing list
 have virtual users and uses modified poppassd or other utils so that his
 clients can change their password

Using a database for managing virtual users seems overkill, until you
run into issues like this.

I have a postgres backend for 20ish users, and I can plugin everything I
want. Postfixadmin works great, and there are many password plugins for
squirrelmail/roundcube/etc that work with such a database.

Disclaimer: I tried the file-based approach too, but kept building
kludges for things that were a lot simpler with a database. In the end,
I joined the dark side.

--
Tom


Re: [Dovecot] Creating Maildir and populating with emails via external Python process

2012-10-25 Thread Tom Hendrikx
On 25/10/12 21:13, Bradley Rintoul wrote:
 This could be good.  I'd never looked into the LDA - I will study up on it.
 
 Someone else was helping out here and I thought I'd shed some more light on 
 what 
 I'm doing here...
 
 Let's  say someone has an account with Yahoo, for example.  My Python code is 
  
 fetching email from the user's Yahoo! account and placing it into the  
 Dovecot 
 Maildir storage for a particular user.  Now when the user  retrieves their 
 mail, 
 they are doing so using my Dovecot - my Dovecot  instance is acting as a 
 proxy, 
 of sorts...

I'm intrigued by this. Why are you using some self-baked(?) python
script to fetch the mail instead of using ready-made components like
fetchmail?

Unless there's a special reason not to, try using the LDA (and
fetchmail/getmail for that matter).

This sounds exactly what you want:
http://pyropus.ca/software/getmail/configuration.html#destination-mdaexternal

--
Tom

 
 Thanks for the responses!
 
 (Is there an IRC channel?)
 
 
 
 
 From: Sven Hartge s...@svenhartge.de
 To: dovecot@dovecot.org
 Sent: Thu, October 25, 2012 11:07:26 AM
 Subject: Re: [Dovecot] Creating Maildir and populating with emails via 
 external 
 Python process
 
 Bradley Rintoul brint...@sbcglobal.net wrote:
 
 I'm using Dovecot to provide IMAP services for Thunderbird clients.
 The user's mail is stored in Maildir format and the individual emails
 which the user receives are actually downloaded and put into the
 Maildir repository using a Python email client (POP3 client).
 
 I am trying to create the dovecot-uidlist file and maintain the next
 UID value within it, but I am having trouble with the UIDVALIDITY and
 the 128 bit mailbox global UID among other things.  How can I seed a
 dovecot-uidlist file with these values..?
 
 Sorry if the information is not much to go on, please let me know what
 more information you might need to help point me in the right
 direction.
 
 How about injecting the mails into the LDA. It will take care of proper
 delivery without the need for your program to know the internal
 workings of dovecot.
 
 S°
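
The LDA hand-off suggested in this thread, as an added example that is not code from any of the posters: a fetcher pipes each retrieved message to dovecot-lda on stdin, so Dovecot itself maintains dovecot-uidlist. The install path, the account-name allow-list and the function name are assumptions; `-d` (recipient user) and `-f` (envelope sender) are dovecot-lda options.

```python
import re
import subprocess

EX_TEMPFAIL = 75  # sysexits.h: temporary failure, the caller should retry later

# Assumed install path; distributions place dovecot-lda differently.
LDA_CMD = ("/usr/lib/dovecot/dovecot-lda",)

# Assumed allow-list for the account name handed to -d. The name comes from
# configuration or a database, but it still ends up on a command line.
_ACCOUNT = re.compile(r"[A-Za-z0-9._+-]+(@[A-Za-z0-9.-]+)?")


def deliver_via_lda(raw_message, user, sender=None, lda_cmd=LDA_CMD, timeout=60):
    """Pipe one complete message (bytes, headers included) to the LDA.

    Returns (status, detail): status is "delivered", "retry" or "failed",
    detail is whatever the LDA wrote to stderr.
    """
    # A leading "-" would be parsed by the LDA as an option, not a user name.
    if user.startswith("-") or not _ACCOUNT.fullmatch(user):
        raise ValueError("refusing suspicious account name: %r" % (user,))

    # argv list, no shell: nothing in user or sender is interpreted by /bin/sh.
    argv = list(lda_cmd) + ["-d", user]
    if sender:
        argv += ["-f", sender]

    proc = subprocess.run(
        argv,
        input=raw_message,
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
        timeout=timeout,
        check=False,
    )
    detail = proc.stderr.decode("utf-8", "replace").strip()
    if proc.returncode == 0:
        return "delivered", detail
    if proc.returncode == EX_TEMPFAIL:
        # Keep the message on the remote side or in a local queue and retry.
        return "retry", detail
    return "failed", detail
```

The fetcher should delete a message from the remote account only after the status is "delivered".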
 



Re: [Dovecot] Dovecot Authentication Problem Can't Make it Work

2012-10-15 Thread Tom Hendrikx
On 15/10/12 17:43, Howell Repaja wrote:
 Hi All,
 
 I am struggling for 2 weeks solving authentication problem in dovecot.
 
 logs from /etc/mail/maillog
 Oct 15 18:00:37 localhost dovecot: auth:
 pam(how...@mydomain.infohow...@tourforyou.info,88.22.197.66):
 unknown user

 # 2.0.9: /etc/dovecot/dovecot.conf
 # OS: Linux 2.6.32-279.el6.x86_64 x86_64 CentOS release 6.3 (Final) ext4
 passdb {
   args = setcred=yes failure_show_msg=yes cache_key=%u dovecot
   driver = pam
 }
 userdb {
   driver = passwd
 }

Pam says that you have no such user 'how...@tourforyou.info'. Pam most
probably talks to /etc/passwd (and friends), which means that you either
need to login with a valid system username listed in /etc/passwd,
or you need to setup some other userdb/passdb that supports full email
addresses as usernames.

--
Tom



Re: [Dovecot] Trouble implementing Antispam plug-in for Dovecot

2012-09-19 Thread Tom Hendrikx
On 19/09/12 23:41, Ben Johnson wrote:
 
 
 On 9/11/2012 10:40 AM, Ben Johnson wrote:
 You nailed it, Ben. Thanks!

 I downloaded/installed the dovecot-dev package from the same maintainer
 and was able to build Antispam without issue.

 The hang-up now seems to be with my configuration.

 I'm seeing the following error in my email client whenever I attempt to
 move an email message from, say, Inbox to Junk folder:

 [SERVERBUG] BUG Unknown internal error.

 Nothing at all appears in syslog when this happens.

 I followed the instructions at http://wiki2.dovecot.org/Plugins/Antispam
 , to the letter, I believe.

 The relevant portions of my configuration are as follows:

 -
 protocol imap {
   mail_plugins = quota imap_quota antispam
 }

 plugin {
   quota = dict:user::file:/var/vmail/%d/%n/.quotausage
   sieve = /var/vmail/%d/%n/.sieve

   antispam_backend = MAILTRAIN
   antispam_mail_sendmail = /usr/bin/sa-learn-pipe.sh
   antispam_mail_spam = --spam
   antispam_mail_notspam = --ham
   antispam_spam_pattern_ignorecase = spam;junk
 }
 -

 The permissions and execute bit are set in accordance with other
 executables in the same directory:

 # ls -lah /usr/bin/ | grep -i sa-learn-pipe.sh
 -rwxr-xr-x  1 root root 297 Sep  5 11:17 sa-learn-pipe.sh

 I would provide more log content, but the debug options seem to be gone
 in the forked, = 2.0 version of this plug-in.

 Any ideas are very much appreciated.

 Thanks,

 -Ben
 
 Given that nobody shared any insight here, I decided to stand-up a
 completely new VM with Ubuntu 12.04 LTS and see if the same error occurs.
 
 While the error is different this time around, I am still unable to get
 any variant of the dovecot-antispam plug-in working.
 
 When I attempt to use the current packages from Ubuntu 12.04.1 LTS, and
 I use the above configuration, my syslog fills-up with the following:
 
 dovecot: imap-login: Login: user=u...@example.com, method=PLAIN,
 rip=10.0.1.57, lip=10.0.1.8, mpid=2879, TLS
 dovecot: master: Error: service(imap): child 2879 returned error 3
 
 Surprisingly, I can find only two other mentions of error 3 anywhere
 on the Internet. Those mentions were from another user to this mailing list:
 
 http://www.dovecot.org/list/dovecot/2012-August/067787.html
 http://www.dovecot.org/list/dovecot/2012-August/067814.html
 
 The lack of error 3 ubiquity leads me to believe that I must be doing
 something stupid.
 
 There's no question that this behavior is related to the
 antispam-plugin, because when I commented-out the relevant lines in
 Dovecot's configuration file, the error does not occur.
 
 I have followed the instructions at
 http://wiki2.dovecot.org/Plugins/Antispam to the letter, and this is the
 result.
 
 The only instance in which I diverged from the Wiki article is that I
 used the Ubuntu-provided dovecot-antispam package (instead of compiling
 the plug-in from source).
 
 I am trying to use the mailtrain back-end, per the above-cited Wiki
 article, to call SpamAssassin's sa-learn utility for real-time learning.
 
 I am not using the SpamAssassin daemon (spamd).
 
 I'm about to throw in the towel on this plug-in, so any help would be
 greatly appreciated.
 
 Thank you,
 
 -Ben

There are 2 versions of the dovecot-antispam package. The original
version was created by Johannes Berg, then died almost a silent death,
and was forked by Eugene Paskevitch. Later Johannes revived his original
version somewhat.

The ubuntu package is based on the 'revived Johannes fork' [1], while
the documentation on the dovecot wiki describes the 'Eugene fork'. [2]

[1] https://launchpad.net/ubuntu/precise/+source/dovecot-antispam/+copyright
[2] http://wiki2.dovecot.org/Plugins/Antispam

Thus you'll need to choose which plugin you want, then follow the
complete procedure for that plugin only. They both can do what you want,
but building and configuration are slightly different.

It would be nice if Johannes and Eugene would either agree on a single
version of the plugin, or rename one of the forks so they don't get
mixed up that easily. I'm not sure if that has been discussed (on- or
off-list) in the past.

FWIW: I used the 'original Johannes fork' with dovecot 1.x, and the
'Eugene fork' with 2.0.x, both with delight. Didn't get myself to
upgrade to 2.1 yet, so no experience there.

--
Tom


Re: [Dovecot] clucene build warnings?

2012-09-17 Thread Tom Hendrikx
On 9/16/12 4:41 PM, Charles Marcus wrote:
 Hi all/Timo,
 
 Is clucene still the best/recommended method for enabling full text search?
 
 Although I haven't enabled FTS yet, I plan on doing sometime in the
 future, and was going to be using clucene, but before I do, I'd like to
 see if I need to worry about an issue I've been seeing ever since I
 first installed clucene (and still get every time it is upgraded)...
 
 I run gentoo linux on an amd64 server, and have always gotten this
 warning whenever it is updated (and also got it when I first installed it):
 
 QA Notice: Package triggers severe warnings which indicate that it
may exhibit random runtime failures.
 /var/tmp/portage/dev-cpp/clucene-2.3.3.4-r4/work/clucene-core-2.3.3.4/src/core/CLucene/index/DocumentsWriter.cpp:129:33:
 warning: passing NULL to non-pointer argument 2 of ‘void* memset(void*,
 int, size_t)’
 Please do not file a Gentoo bug and instead report the above QA
 issues directly to the upstream developers of this software.
 Homepage:http://clucene.sourceforge.net/
 
 Has anyone else ever seen similar warnings when building clucene?

 Is the gentoo ebuild output correct that this is not a gentoo bug, but
 is in fact a problem with upstream?

 If so, is it harmless? Or should I try to get upstream to fix it?

Same warnings here (gentoo 32bit). The gentoo package management simply
checks the gcc output for warnings, and reports them to you after the
build completes. As long as the warnings are not related to patches
added by gentoo, the issue should go upstream. Whether it is a serious
issue, that can only be decided by reviewing the code itself, which
would be more appropriate for a lucene dev than a dovecot dev ;)

I suggest that you simply report the issue upstream and see what
happens. If the code is harmless, they might just change it so that
gcc doesn't complain about it in the future.

--
Tom


Re: [Dovecot] Remove leading and trailing spaces from folder names?

2012-07-20 Thread Tom Hendrikx
On 7/20/12 9:56 AM, Frank Bonnet wrote:
 On 07/20/2012 09:48 AM, Wojciech Puchar wrote:
 do you really think that he migrates to exchange
 because he have fun with it?
 so? is it my problem that he works in company managed by an idiot?

 Why dovecot users have to provide free support for microsoft software,
 while microsoft are paid for their products thousands of dollars?

 Does it make sense?
 
 +1
 

-1

A dovecot specific question was asked by the OP, but people seem to
think this is a reason to bash either the OP, his company or non-dovecot
software (exchange) for something which is related to the question, but
off-topic for the list.

If you don't have any dovecot related input for the OP, just leave the
thread alone, instead of trolling. Thank you very much.

--
Tom


Re: [Dovecot] Issues with Plus addressing and detail part of subaddress.

2012-07-15 Thread Tom Hendrikx
On 15-07-12 13:34, Charles Marcus wrote:
 On 2012-07-15 4:50 AM, Sean Kamath kam...@moltingpenguin.com wrote:
 Before I dive in and upgrade everything, am I missing something simple?
 
 dovecot -n output maybe?

Adding some log output of a message that, according to you, should have
been delivered to folder Bar but ended up somewhere else, would be nice
too.
Be sure to include both logging of dovecot and the MTA talking to
dovecot (you didn't mention which one).

--
Tom


Re: [Dovecot] Using a namespace for providing access to mail snapshots for user based on-demand restoration of email backups

2012-04-05 Thread Tom Hendrikx
On 05-04-12 17:28, Charles Marcus wrote:
 Hi all,
 
 I'm planning on implementing this in my new upcoming dovecot instance,
 and would like to hear thoughts on how best to accomplish this. We will
 be paying Timo's support company to do the work, but obviously, the less
 work in the form of coding he has to do to get this working (I'm hoping
 it won't be a lot), the more money it will save us... ;)
 
 First - I currently use rsnapshot to backup emails, so that is the
 use-case I'm most interested in getting working. It is rsync based, and
 like other rsync based backup programs it uses hardlinks to save storage
 space - so you can have a *lot* of backups (going back months, or even
 years), where each snapshot only adds a little more to the total disk
 space being used.
 

snip

 What I'm envisioning is something like this...
 
 1. Define a namespace - for this example we'll call it 'Time Machine'
 
 2. Under this namespace, each user will see their, and *only* their
snapshots
 
 So, each user would see something like this:
 
 My Mail Account
Inbox
Drafts
Templates
Sent
Time Machine (sorted above user created folders if possible)
 -4/3/12, 8:00am (first subfolder)
Inbox
Drafts
etc... (all other folders and sub-folders shown here)
 +4/3/12, 12:00pm (first subfolder)
 etc...
Other User Folders
...
 
 Or even better, I'm thinking some magical code that can group them by
 Date, like:
 
 -4/3/12 (first subfolder)
-8:00am (next sub-folder)
   Inbox
   Drafts
   Etc... (all folders and sub-folders shown here)
+12:00pm
+4:00pm
+8:00pm
 +4/4/12
 etc...
 
 Comments? Suggestions? Flames?
 

The first interesting point I'd see with this, is that you supply the
mail client with a near endless supply of folders, which would take a
lot of caching space on the client's end, either (depending on the client
and its configuration) from the moment that you enable this for them, or
after someone starts searching in their 'time machine' for some old mail.

I see my mail client on a new install working quite hard to download
mail headers for 2 years of postfix/dovecot/etc mailing lists, so what
happens if you provide a 'time machine' namespace going 1 month back,
with 4 snapshots a day (i.e. 31x4 =~ 120 times more headers to
download/index).

--
Tom


Re: [Dovecot] LDA alias resolution problems..

2012-02-27 Thread Tom Hendrikx

On 27/02/12 12:06, Nick Warr wrote:

I use postfix + dovecot LDA + mysql virtual users and up til friday,
everything was working just fine.

Dovecot is 2.0.beta6 (3156315704ef)

Like I said, up til friday, when I added a vacation entry into postfix
(which I have now removed to see if it was the reason) mails to the
alias virusalert (which is aliased to me) went through just fine.

Now I get these sort of errors from the LDA:

Feb 27 11:54:03 cluster2 postfix/pipe[31267]: 866F0A41173:
to=virusal...@mobilia.it, relay=dovecot, delay=357414,
delays=357413/0.79/0/0.05, dsn=4.3.0, status=deferred (temporary
failure. Command output: lda: Fatal: Unknown user )


Other aliases work perfectly, the only difference is that these emails
are of local origin, (they're messages from Amavisd) I'm not sure why
this has started to be a problem.


Usually, aliases are processed by postfix, and dovecot only gets e-mail 
for actual users, not aliases. Depending on how your mail processing 
flow works, mail generated by amavis might not visit postfix before it 
hits dovecot...


--
Regards,
Tom


Re: [Dovecot] Dovecot antispam plugint got an empty message

2012-01-25 Thread Tom Hendrikx
On 25-01-12 08:05, Petr Bravenec wrote:
 Few weeks ago I upgraded dovecot from 1.2 to 2.0.16 and antispam plugin to 
 2.0_pre20101222. Since the upgrade I'm not able to move messages to my Junk 
 folder. In the maillog I have found this message:
 
 dspam[25060]: empty message (no data received)
 

Gentoo has included the antispam plugin from Johannes historically, but
added the fork by Eugene to support upgrades to dovecot 2.0. What is not
really made clear by the gentoo ebuild is that the forked plugin needs a
slightly different config.

I use the config below with dovecot 2.0.17 and a git checkout for
dovecot-antispam:

===8
plugin {
    antispam_signature = X-DSPAM-Signature
    antispam_signature_missing = move
    antispam_spam_pattern_ignorecase = Junk;Junk.*
    antispam_trash_pattern_ignorecase = Trash;Deleted Items;Deleted Messages

    # Backend specific
    antispam_backend = dspam
    antispam_dspam_binary = /usr/bin/dspamc
    antispam_dspam_args = --user;%u;--deliver=;--source=error;--signature=%%s
    antispam_dspam_spam = --class=spam
    antispam_dspam_notspam = --class=innocent
    #antispam_dspam_result_header = X-DSPAM-Result
}


--
Regards,
Tom


Re: [Dovecot] dovecot-antispam: pipe backend with spamc failing to parse args

2011-12-15 Thread Tom Hendrikx
On 15/12/11 01:37, Micah Anderson wrote:
 
 I'm trying to get the pipe backend to work with the new
 dovecot-antispam (I was very pleased to see the new version, thanks
 Johannes!)
 

 antispam_pipe_program_spam_arg = -L spam
 antispam_pipe_program_notspam_arg = -L ham
 antispam_pipe_program = /usr/bin/spamc
 antispam_pipe_program_args = -d 10.0.1.109
 
 Now, when I move a message to Spam, dovecot-antispam detects it and
 attempts to run, but it fails:
 
 Dec 14 16:22:45 grosbeak [username 10.0.1.74 uid]: antispam: run program
 failed with exit code 64
 
 Exit code 64 is spamc's exit code for command line usage error - but I
 can't see exactly the command that is being constructed by
 dovecot-antispam to know where the error is.

I use dspam as backend, but multiple args need to be specified separated
by semicolons (';') if spaces are needed on the original commandline. i.e.:

antispam_pipe_program_spam_arg = -L;spam
antispam_pipe_program_notspam_arg = -L;ham
antispam_pipe_program = /usr/bin/spamc
antispam_pipe_program_args = -d;10.0.1.109

Note that this is the fork from Eugene as documented on the wiki, which
is based on the same code. Did I miss the announcement from Johannes
somewhere?:)

-- 
Regards,
Tom


Re: [Dovecot] How to create home directories for virtual users?

2011-11-24 Thread Tom Hendrikx
On 24-11-11 10:22, Olli Räisänen wrote:
 Hello,
 
 I'm using Dovecot 1.2.9, now finishing a migration from Courier IMAP. 
 Documentation (http://wiki.dovecot.org/VirtualUsers/Home) says that home 
 directory should not be the same as mail directory. When I create new user 
 accounts with PostfixAdmin the mail directory is not a problem but is there 
 some smart way to create the home directory as well (locating it for instance 
 in '/srv/vmail/%d/%n/home')?
 

How about using /srv/vmail/%d/%n for homedir, and /srv/vmail/%d/%n/mail
as mailstore?

Otherwise, postfixadmin has a post-create hook that is able to execute
arbitrary scripts, creating homedirs should be among the included examples.

--
Tom


Re: [Dovecot] How to create home directories for virtual users?

2011-11-24 Thread Tom Hendrikx
On 24-11-11 20:29, Timo Sirainen wrote:
 On Thu, 2011-11-24 at 21:23 +0200, Olli Räisänen wrote:
 Tom Hendrikx wrote on 2011-11-24 at 18:13:47:

 How about using /srv/vmail/%d/%n for homedir, and /srv/vmail/%d/%n/mail
 as mailstore?

 Well, yes - at least the home directory will be created that way. Still, 
 PostfixAdmin will not store the path in the mailbox table home field. Perhaps 
 it is enough to include the path in the Dovecot user_query?  
 
 It would be better if you used PostfixAdmin's maildir field as the
 home directory, and then mail_location=~/Maildir. Like the sql queries
 being:
 
 password_query = \
   SELECT username AS user, password, \
 CONCAT('/home/vmail/', maildir) AS userdb_home, \
 CONCAT('*:bytes=', quota) AS userdb_quota_rule \
   FROM mailbox \
   WHERE username = '%u' and ACTIVE = '1'
 
 user_query = \
   SELECT CONCAT('/home/vmail/', maildir) AS home, \
 CONCAT('*:bytes=', quota) AS quota_rule \
   FROM mailbox \
   WHERE username = '%u' AND active = '1'
 
 I used these in another PostfixAdmin server's install.
 

I even simplified this up to:

# taken from stock dovecot2 config
userdb {
driver = static
args = uid=vmail gid=mail home=/var/spool/vmail/%u
}
mail_location = maildir:~/Maildir

password_query = SELECT username AS user, password FROM mailbox \
  WHERE username = '%u' AND active = '1'

(no quota's, no special cases for home/mail directory configuration)
--
Tom


Re: [Dovecot] TLS Authentication Confusion

2011-11-10 Thread Tom Hendrikx
On 10-11-11 20:28, Dick Middleton wrote:
 On 11/10/11 19:17, Carlos Mennens wrote:
 I asked a user today to make sure his incoming and outgoing email was
 using TLS. He told me it wasn't possible because my Dovecot / Postfix
 daemons were only listening on TCP 25 & 143 according to a port scan
 he did. He told me the only way I could enable encrypted secure
 sessions between the client & server is to enable port 993 (IMAPs).
 
 Yes you are right.  Port 993 is for IMAPS (SSH).  TLS is normally on the same
 port as plain.
 
 The difference between SSH and TLS is that with SSH the encryption is set up
 before any application communication takes place.  i.e all application packets
 are contained in the encrypted payload.  With TLS the application starts
 communication and then the application sets up encryption of its payload.
 

You're contributing to the confusion.

SSL and TLS are practically the same, just another name for the same
beast. The only difference is that SSL is the old name, and newer
versions of the standard are labeled TLS. The term SSH is not in the
scope of this question.

There are 2 ways of using SSL/TLS to encrypt sessions:

1) Setup a dedicated port where a SSL/TLS session can be setup before
the actual data is transferred. This is what happens for IMAPS/993 and
SMTPS/465.

2) Extend an existing protocol to enable SSL/TLS during an open session.
This is called STARTTLS in several protocols, SMTP and IMAP being among
them. And this is what happens on SMTP/25, Submission/587 and IMAP/143.

Note that although the second option is *named* STARTTLS, you probably
could implement any server to *use* SSL 1.0 for the actual encryption
(not recommended though).

The OP is offering STARTTLS for both services, which is good.

--
Regards,
Tom


Re: [Dovecot] Dovecot alias and mailbox problem

2011-11-08 Thread Tom Hendrikx
On 08-11-11 19:34, Jeroen Grusewski wrote:
 
 Hi All,
 
 My Postfix / Dovecot / MySQL is running fine but I have the following issue:
 
 When I create the following mailboxes t...@example.com and te...@example.com 
 it is working fine.
 I can create an alias te...@examples.com = te...@example.com that is also 
 working without a problem, 
 only when I create t...@example.com = te...@example.com email is only 
 delivered to test1@ instead to 
 both test@ and test1@ 
 
 I believe it is properly just a setting but please help me out here !
 
 Let me know if you need any more information before I post configs etc.
 

You probably want to create the alias as t...@example.com =
te...@example.com,t...@example.com. Depending on how you setup postfix,
this should deliver to both mailboxes (and not create an infinite loop).

Note that aliasing is handled within Postfix, not in Dovecot, so if you
have further questions, you're probably on the wrong list.

--
Regards,
Tom


Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem

2011-10-24 Thread Tom Hendrikx
On 24-10-11 21:00, Jack Fredrikson wrote:
 Hi; This is my 6th day installing my first Postfix/Dovecot
 installation. The Postfix mailing list indicates I've got the MTA
 under control so now I'm seeking your help with the MDA. I get these
 errors with legitimate email addresses: Oct 24 11:47:38 myserver
 dovecot: auth-worker: Error: mysql(localhost): Connect failed to
 database (postfix): Access denied for user 'dovecot'@'localhost'
 (using password: YES) - waiting for 25 seconds before retry
 
 Now I've logged in myself: mysql -u dovecot -p Enter password: xxx 
 and succeeded. What am I doing wrong?
 

The (using password: YES) part of the error indicates that your
connection to the server was established successfully. However, it seems
that user 'dovecot' has no access to database 'postfix', which you did
not test on the command line either.

What happens on the commandline when you enter (after logging in):
use postfix; show tables;

Fix that error in the mysql user administration, then try again.

 
 I've noticed that every time I restart dovecot I get this error in
 the dovecot-deliver.log:
 
 Oct 24 11:31:11 lda: Error: userdb lookup:
 connect(/usr/local/var/run/dovecot/auth-userdb) failed: Permission
 denied (euid=512(vmail) egid=512(vmail) missing +r perm:
 /usr/local/var/run/dovecot/auth-userdb, dir owned by 0:0 mode=0755) 
 Oct 24 11:31:11 lda: Fatal: Internal error occurred. Refer to server
 log for more information.
 
 
 Every time I go to chmod 666 on that file, restarting dovecot wipes
 those permissions. How fix? Even when I fix that, I still get the
 temporary failure. Please advise.

You forgot to add doveconf -n output, so I'm guessing here, but in your
config, there should be a part defining something like:

service auth {
  unix_listener auth-userdb {
# some commented stuff
  }
}

Uncomment as needed, and set the values as indicated by the error message
(probably something like user=vmail, group=vmail mode=0660).

 
 TIA, Jack
 



Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem

2011-10-24 Thread Tom Hendrikx
On 24-10-11 23:47, Jack Fredrikson wrote:
 
 
 From: Simon Brereton simon.brere...@buongiorno.com
 To: dovecot@dovecot.org
 Sent: Monday, October 24, 2011 5:04 PM
 Subject: Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection 
 Problem
 
 Who owns /var/vmail?
 
 ls -al /var/vmail/
 total 8
 drwxrwx---  2 vmail mail 4096 Oct 19 18:45 .
 drwxr-xr-x 26 root  root 4096 Oct 23 08:35 ..
 /usr/sbin/usermod -a -G mail,postfix dovecot

Adding dovecot to the postfix group would be considered a security issue
by many. Don't do this unless you actually think it will help you (it won't).

 
 And I'm still getting the same error:
 dovecot: auth-worker: Error: mysql(localhost): Connect failed to database 
 (postfix): Access denied for user 'dovecot'@'localhost' (using password: YES)
 

Please see http://dev.mysql.com/doc/refman/5.5/en/connecting.html,
especially the part that starts with "On Unix, MySQL programs treat the
host name localhost specially".

Then show proof that this command works:

mysql -udovecot -pxxx -h 127.0.0.1 postfix

And see what happens if you set the hostname in dovecot config also to
127.0.0.1. Note that testing as root will likely give you access to the
mysql socket, but dovecot might not have the same privileges. The above
will test tcp connectivity for both.

--
Tom


Re: [Dovecot] Sieve header :value test does not work

2011-09-07 Thread Tom Hendrikx
On 06/09/11 21:21, Tom Hendrikx wrote:
 On 06/09/11 21:11, Tom Hendrikx wrote:
 hi,

 After following some examples and searching for sieve samples in this ml
 history, I'm quite sure that the following sieve snippet should give no
 surprises:

 if header :value "ge" :comparator "i;ascii-numeric" "X-Header-Name"
 "0.99" { /* do something */ }

 However the Pigeonhole Sieve 0.2.3 on dovecot 2.0.14 gives me following
 error:

 test: line 3: error: unknown tagged argument ':value' for the header
 test (reported only once at first occurence).
 test: error: validation failed.

 What obvious mistake am I failing to see here?

 
 To answer my own question (which was found by grepping through
 /usr/share/doc/dovecot-2.0.14/sieve/rfc/*bz2): including the
 relational extension in the require statement adds support for this
 test.
 
 Sorry for the noise :/
 --
 Tom
 

The above snippet poses some other issue that I cannot easily solve: the
ascii-numeric comparator only handles integer values.

All 0. header values are truncated to 0 by the comparator, just like
the sieve script value 0.95. After comparison, this results in true
for all cases.

I don't really see a way to interact with floats in sieve, other than
using regular expressions. However this gets clumsy/hairy quite fast
when you're matching a hypothetical header value =0.73 instead of =0.99.

Any ideas?

-- 
Regards,
Tom


Re: [Dovecot] Sieve header :value test does not work

2011-09-07 Thread Tom Hendrikx
On 07/09/11 15:48, Stephan Bosch wrote:
 On 9/7/2011 2:40 PM, Tom Hendrikx wrote:
 The above snippet poses some other issue that I cannot easily solve: the
 ascii-numeric comparator only handles integer values.

 All 0. header values are truncated to 0 by the comparator, just like
 the sieve script value 0.95. After comparison, this results in true
 for all cases.

 I don't really see a way to interact with floats in sieve, other than
 using regular expressions. However this gets clumsy/hairy quite fast
 when you're matching a hypothetical header value=0.73 instead of=0.99.

 Any ideas?
 
 Yes. This can be a problem. However, the usual application for this is
 matching against a spam header. If it is, you can use the spamtest
 extension instead. Then you can configure the gory details in the
 background
 (http://wiki2.dovecot.org/Pigeonhole/Sieve/Extensions/SpamtestVirustest).
 
 Otherwise, things indeed tend to get hairy. I've puzzled a bit and came
 up with the following:
 
 
 require "variables";
 require "relational";
 require "comparator-i;ascii-numeric";
 require "regex";
 
 # Extract integer and fractional part separately:
 set "val_int" "0";
 set "val_frac" "0";
 if header :regex "X-Header-Name" "([0-9]+)\\.([0-9]+)" {
   set "val_int" "${1}";
   set "val_frac" "${2}";
 }
 
 if allof (
   /* Compare the integer part */
   string :comparator "i;ascii-numeric" :value "ge" "${val_int}" "5",
   /* Compare the fractional part */
   string :value "ge" "${val_frac}" "34" ) {
   discard;
 }
 
 
 As you can see, the integer and fractional parts of the fractional
 number are extracted separately using a :regex match. Then the
 comparison is performed. The integer part is compared using
 i;ascii-numeric. Quite counter-intuitively, the fractional part is
 compared using a normal string comparison. The earlier regex match made
 sure that the ${val_frac} variable only contains digits. The string
 comparison makes sure that the length of the fractional part does not
 matter (much) and that the comparison works as expected. A length
 difference will only have an effect when there are spurious trailing
 zeros and all the preceding digits are equal, thereby causing the
 longer string to have higher value, which is not strictly correct.
 
 The above certainly does not deserve an award for beauty, it does not
 handle negative numbers (can be added), and it is not tested very well. 
 So, use this with caution. Unfortunately, there is no i;ascii-fractional
 (or whatever) collation and afaik nothing like that is in the works at
 the IETF.
 

Thanks for the idea :)
My first alternative way of thinking was to put the header value in a
variable, then multiply it by 1 (in my actual issue, the fraction
always has 4 characters), then handle it as an int. However, doing a
calculation is also not supported.

I was trying to do some nifty stuff with DSPAM headers, which adds
a header that indicates Spam or Innocent, and a fractional value
between 0 and 1 that indicates the confidence that the filter has in its
own classification:

X-DSPAM-Result: Spam
X-DSPAM-Confidence: 0.9456
== quite sure it is spam

X-DSPAM-Result: Innocent
X-DSPAM-Confidence: 0.9889
== even more sure that it is not spam

Based on these headers, I wanted to do something with messages that the
filter was really sure about, like pushing them to spamcop.

Combining these headers in the sieve spamtest configuration to create a
sliding scale between 1 and 10 is not really possible.

-- 
Regards,
Tom
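
The comparisons discussed in this thread, modelled in Python as an added example (not code from either poster): why `i;ascii-numeric` makes every 0.x value compare equal, how the two-test split behaves, and an assumed alternative for fixed-width fractions that concatenates the digits instead of multiplying. Function names and the sample confidence values are constructed for illustration.

```python
import re


def ascii_numeric(s):
    """Value under the i;ascii-numeric collation (RFC 4790): the leading run
    of digits; a string that does not start with a digit is +infinity."""
    m = re.match(r"[0-9]+", s)
    return int(m.group()) if m else float("inf")


def naive_ge(header, threshold):
    # header :value "ge" :comparator "i;ascii-numeric" "X-Header-Name" "0.99"
    # Both sides stop at the ".", so "0.12" and "0.99" are both the number 0.
    return ascii_numeric(header) >= ascii_numeric(threshold)


_FRACTION = re.compile(r"([0-9]+)\.([0-9]+)")


def split_ge(header, t_int, t_frac):
    """The two-test form from the thread: integer part compared with
    i;ascii-numeric, fractional part compared as a plain string.
    Both tests must hold (allof)."""
    m = _FRACTION.search(header)
    val_int, val_frac = m.groups() if m else ("0", "0")
    int_ok = ascii_numeric(val_int) >= ascii_numeric(t_int)
    frac_ok = val_frac >= t_frac  # digits only, so this is octet order
    return int_ok and frac_ok


def scaled_ge(header, threshold, digits=4):
    """Assumed alternative when the fraction always has `digits` characters:
    join integer and fractional digits ("0.9456" -> "09456") and compare the
    result with i;ascii-numeric. In Sieve the join would be "${1}${2}" with
    the variables extension. Values of any other shape never match."""
    shape = re.compile(r"\s*([0-9]+)\.([0-9]{%d})\s*" % digits)
    h, t = shape.fullmatch(header), shape.fullmatch(threshold)
    if not h or not t:
        return False
    return ascii_numeric(h.group(1) + h.group(2)) >= \
        ascii_numeric(t.group(1) + t.group(2))


def compare_all(samples, threshold="0.9900"):
    """Run the three strategies over constructed header values."""
    t_int, t_frac = threshold.split(".")
    t_frac = t_frac.rstrip("0") or "0"  # split form needs no trailing zeros
    return {
        s: (naive_ge(s, threshold),
            split_ge(s, t_int, t_frac),
            scaled_ge(s, threshold))
        for s in samples
    }


if __name__ == "__main__":
    # Constructed X-DSPAM-Confidence values.
    for value, result in compare_all(["0.1200", "0.9456", "0.9889", "0.9950"]).items():
        print(value, result)
```

Two limits of the split form show up when it is exercised: a threshold fraction written with trailing zeros ("9900") rejects a header value of 0.99, and with a non-zero integer part a value such as 6.10 fails a 5.34 threshold because both tests must pass. Neither matters for a confidence value between 0 and 1 compared against a threshold without trailing zeros.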


Re: [Dovecot] Sieve header :value test does not work

2011-09-06 Thread Tom Hendrikx
On 06/09/11 21:11, Tom Hendrikx wrote:
 hi,
 
 After following some examples and searching for sieve samples in this ml
 history, I'm quite sure that the following sieve snippet should give no
 surprises:
 
 if header :value "ge" :comparator "i;ascii-numeric" "X-Header-Name"
 "0.99" { /* do something */ }
 
 However the Pigeonhole Sieve 0.2.3 on dovecot 2.0.14 gives me following
 error:
 
 test: line 3: error: unknown tagged argument ':value' for the header
 test (reported only once at first occurence).
 test: error: validation failed.
 
 What obvious mistake am I failing to see here?
 

To answer my own question (which was found by grepping through
/usr/share/doc/dovecot-2.0.14/sieve/rfc/*bz2): including the
relational extension in the require statement adds support for this
test.

Sorry for the noise :/
--
Tom


Re: [Dovecot] Dovecot-Antispam 2.0 with SpamAssassin (sa-learn)

2011-08-18 Thread Tom Hendrikx
On 18/08/11 10:53, Nick Rosier wrote:
 Tom Hendrikx wrote:
 On 17/08/11 08:26, Nikita Koshikov wrote:
 On Tue, 16 Aug 2011 22:38:34 +0200
 Nick Rosier wrote:

 Hi,

 has anyone figured out how to use the dovecot-antispam plugin with
 sa-learn? I need to pass the username (u...@domain.tld) to sa-learn and
 --ham or --spam depending on the move. I was thinking of using the
 CRM14
 option and replace the command and arguments but cannot find anything
 about the ability to pass the username.
 Any pointers would be welcome.

 N.
 Write a wrapper on sa-learn. The script should parse env first and
 then exec learning with appropriate args, like:
 antispam_mail_sendmail = /etc/dovecot/plugins/spam.sh

 Script, something like:
 #!/bin/bash

 (
 # dump the environment passed in by the plugin, for inspection
 env > /tmp/antispam.$$
 /usr/bin/sa-learn "$@"
 exit 0
 )
 search for PWD environment in  /tmp/antispam.$$ .



 I use the dspam backend and pass the user into the commandline with %u,
 which seems to work, but is not documented in the man page.

 To be clear, this is with the plugin from:
 http://wiki2.dovecot.org/Plugins/Antispam
 I've currently got it working with the MailTrain backend. Might consider
 reconfiguring it to dspam backend as I need to do some ENV parsing to
 get the user. Using %u as argument to pass to the wrapper would be
 easier but I couldn't find anything in the documentation as you said.
 
 N.
 

I don't think that the backend has anything to do with the supported
variables (http://wiki2.dovecot.org/Variables), but you should check the
source to be sure.

Maybe Eugene is triggered to create a release when you contribute some
documentation on this :)

-- 
Regards,
Tom


Re: [Dovecot] Dovecot-Antispam 2.0 with SpamAssassin (sa-learn)

2011-08-17 Thread Tom Hendrikx
On 17/08/11 08:26, Nikita Koshikov wrote:
 On Tue, 16 Aug 2011 22:38:34 +0200
 Nick Rosier wrote:
 
 Hi,

 has anyone figured out how to use the dovecot-antispam plugin with 
 sa-learn? I need to pass the username (u...@domain.tld) to sa-learn and 
 --ham or --spam depending on the move. I was thinking of using the CRM14 
 option and replace the command and arguments but cannot find anything 
 about the ability to pass the username.
 Any pointers would be welcome.

 N.
 Write a wrapper on sa-learn. The script should parse env first and then exec
 learning with appropriate args, like:
 antispam_mail_sendmail = /etc/dovecot/plugins/spam.sh

 Script, something like:
 #!/bin/bash

 (
 env > /tmp/antispam.$$
 /usr/bin/sa-learn "$@"
 exit 0
 )
 search for PWD environment in /tmp/antispam.$$ .
 
 

I use the dspam backend and pass the user into the commandline with %u,
which seems to work, but is not documented in the man page.

To be clear, this is with the plugin from:
http://wiki2.dovecot.org/Plugins/Antispam

-- 
Regards,
Tom
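
An added example, not code from this thread or from the antispam plugin: a wrapper that takes the learning mode and the user name as arguments and validates both before calling sa-learn, instead of dumping the environment to a predictable file in /tmp. The invocation `spam.sh --spam|--ham <user>` (with the message on stdin) and the `SA_LEARN` override variable are assumptions of this example; `--username` is sa-learn's own option.

```shell
#!/bin/sh
# Assumed invocation (not from the thread): spam.sh --spam|--ham <user>
# with the moved message supplied on stdin.

# Path to sa-learn; overridable (hypothetical variable) so the wrapper
# can be exercised on a machine without SpamAssassin installed.
SA_LEARN="${SA_LEARN:-/usr/bin/sa-learn}"

# Accept only user@domain built from a conservative character set.
# Rejects empty values, a leading "-" (sa-learn would parse it as an
# option), a leading ".", whitespace, slashes and shell metacharacters.
valid_user() {
    case "$1" in
        ''|-*|.*|*[!A-Za-z0-9@._+-]*) return 1 ;;
        *@*@*) return 1 ;;
        ?*@?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Only the two learning modes are allowed through to sa-learn.
valid_mode() {
    case "$1" in
        --spam|--ham) return 0 ;;
        *) return 1 ;;
    esac
}

learn() {
    mode="$1"; user="$2"
    valid_mode "$mode" || { echo "antispam-wrapper: bad mode" >&2; return 64; }
    valid_user "$user" || { echo "antispam-wrapper: bad user" >&2; return 64; }
    # stdin (the message) is inherited by sa-learn unchanged.
    "$SA_LEARN" "$mode" --username="$user"
}

# Run only when called with arguments, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    learn "$@"
    exit
fi
```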


Re: [Dovecot] set delay between pop3-logins

2011-07-25 Thread Tom Hendrikx
On 25/07/11 20:05, tonjg wrote:
 
 I'm using dovecot 1.1.8 on a raq4 server running centos 4.8
 Is it possible to set a time delay between all dovecot pop3-logins? say 20 -
 30 seconds for example?
 My reason is I want to thwart the constant login attempts from hackers
 hunting for an open relay. It's no good blocking the ip address because
 every hack attempt comes in from a different address. I'm the only user on
 the server so no-one else would be affected by such a delay. Thanks for any
 pointers 
 

Hi,

dovecot 2.x has an automatic backoff system (see auth_failure_delay
config option).

When you're not interested in upgrading, an external tool like fail2ban
can block the ip addresses for you automatically. And if you are the only
user, you could also just open up your firewall for your personal ip
addresses, and block access for the rest of the world.

--
Regards,
Tom

