Re: Notifications to over-quota accounts
Hi,

I'm sending warnings to accounts when their quota gets up to 80% and again on 95%.

Relevant parts from "doveconf -n":

...
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  unix_listener quota-warning {
    user = mailstore
  }
  user = mailstore
}

plugin {
  ...
  quota = count:User quota
  quota_rule2 = Trash:storage=+100M
  quota_status_nouser = DUNNO
  quota_status_overquota = 552 5.2.2 Mailbox is full
  quota_status_success = DUNNO
  quota_vsizes = yes
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  ...
}

Bash script:

...
#!/bin/sh
# Arguments come from the quota_warning settings: <percent> <user>
PERCENT=$1
USER=$2
DATE=`date`
MSGID_P1=`date '+%Y%m%d%H%M%S'`
MSGID_P2=`hostname`
MSGID=$MSGID_P1@$MSGID_P2
logger -p mail.info -t dovecot "$PERCENT% Quota-warning sent to $USER"
# noenforcing lets the warning itself be delivered to a mailbox that is over quota
cat << EOF | /usr/lib/dovecot/dovecot-lda -d "$USER" -o "plugin/quota=count:User quota:noenforcing"
From:
To: <$USER>
Subject: $PERCENT% Mail quota warning
Message-ID: <$MSGID>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Date: $DATE

Your text
EOF
...

Best
Urban

On 15.03.24 at 12:58, N V wrote:

Hello!

I'm trying to allow a system email address to send notifications to over-quota accounts. Is there a way to do it?

Thanks in advance!

___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

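
The script in the message above copies its two arguments into mail headers and onto the dovecot-lda command line. The following is an added example, not part of the original post, that checks both arguments first; the function names and the From address postmaster@example.invalid are assumptions made for the example.

```sh
#!/bin/sh
# Added example: validate both arguments before they reach mail headers or
# the dovecot-lda command line. Function names are chosen for this example.
LC_ALL=C; export LC_ALL

# Accept a 1-3 digit percentage and a plain user@domain address only.
valid_quota_args() {
    case $1 in
        ''|*[!0-9]*|????*) return 1 ;;
    esac
    case $2 in
        *[!A-Za-z0-9@._+-]*) return 1 ;;  # also rejects CR, LF and spaces
        *@*@*) return 1 ;;
        ?*@?*) return 0 ;;
    esac
    return 1
}

# Print the complete warning message, or fail without output.
build_quota_warning() {
    valid_quota_args "$1" "$2" || return 1
    msgid="$(date '+%Y%m%d%H%M%S').$$@$(uname -n)"
    cat <<EOF
From: <postmaster@example.invalid>
To: <$2>
Subject: $1% Mail quota warning
Message-ID: <$msgid>
Date: $(date '+%a, %d %b %Y %H:%M:%S %z')
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit

Your mailbox has reached $1% of its quota.
EOF
}

deliver_quota_warning() {
    msg=$(build_quota_warning "$1" "$2") || {
        logger -p mail.warning -t dovecot "quota-warning: arguments rejected"
        return 1
    }
    logger -p mail.info -t dovecot "$1% Quota-warning sent to $2"
    printf '%s\n' "$msg" | /usr/lib/dovecot/dovecot-lda -d "$2" \
        -o "plugin/quota=count:User quota:noenforcing"
}

# Entry point when installed as quota-warning.sh <percent> <user>.
if [ "$#" -eq 2 ]; then deliver_quota_warning "$1" "$2"; fi
```
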
Re: dovecot and oauth2 (with keycloak) not working
Hi,

I've been running dovecot with keycloak without problems for 1 month.

>>Nov 20 08:20:30 auth: Error: oauth2(fran...@mydomain.com,10.10.40.30,): oauth2 failed: connect(10.10.100.10:443) failed: Connection refused

It seems that your keycloak is not responding to connection requests on port 443.
You can try "telnet 10.10.100.10 443" from your dovecot server?

Regards
Urban

On 20.11.23 at 08:29, Francis Augusto Medeiros-Logeay via dovecot wrote:

Hi,

I successfully configured Roundcube to use keycloak for oauth2. However, I am having trouble making it work with dovecot. My configuration is this:

cat dovecot-oauth2.conf.ext
tokeninfo_url = https://auth.mydomain.com/realms/myrealm/protocol/openid-connect/userinfo
introspection_url = https://auth.mydomain.com/realms/myrealm/protocol/openid-connect/token/introspect
introspection_mode = post
username_attribute = postfixMailAddress
debug = yes
scope = openid Roundcube_email

This is what I am getting from the logs:

Nov 20 08:20:30 auth: Error: ldap(fran...@mydomain.com,10.10.40.30,): ldap_bind() failed: Constraint violation
Nov 20 08:20:30 auth: Debug: http-client: host auth.mydomain.com: Host created
Nov 20 08:20:30 auth: Debug: http-client: host auth.mydomain.com: Host session created
Nov 20 08:20:30 auth: Debug: http-client: host auth.mydomain.com: IPs have expired; need to refresh DNS lookup
Nov 20 08:20:30 auth: Debug: http-client: host auth.mydomain.com: Performing asynchronous DNS lookup
Nov 20 08:20:30 auth: Debug: http-client[1]: request [Req1: GET https://auth.mydomain.com/realms/med-lo/protocol/openid-connect/userinfo<access token removed>]: Submitted (requests left=1)
Nov 20 08:20:30 auth: Debug: http-client: host auth.mydomain.com: DNS lookup successful; got 1 IPs
Nov 20 08:20:30 auth: Debug: http-client: peer 10.10.100.10:443 (shared): Peer created
Nov 20 08:20:30 auth: Debug: http-client: peer 10.10.100.10:443: Peer pool created
Nov 20 08:20:30 auth: Debug: http-client[1]: peer 10.10.100.10:443: Peer created
Nov 20 08:20:30 auth: Debug: http-client[1]: queue https://auth.mydomain.com:443: Setting up connection to 10.10.100.10:443 (SSL=auth.mydomain.com) (1 requests pending)
Nov 20 08:20:30 auth: Debug: http-client[1]: peer 10.10.100.10:443: Linked queue https://auth.mydomain.com:443 (1 queues linked)
Nov 20 08:20:30 auth: Debug: http-client[1]: queue https://auth.mydomain.com:443: Started new connection to 10.10.100.10:443 (SSL=auth.mydomain.com)
Nov 20 08:20:30 auth: Debug: http-client[1]: peer 10.10.100.10:443: Creating 1 new connections to handle requests (already 0 usable, connecting to 0, closing 0)
Nov 20 08:20:30 auth: Debug: http-client[1]: peer 10.10.100.10:443: Making new connection 1 of 1 (0 connections exist, 0 pending)
Nov 20 08:20:30 auth: Debug: http-client: conn 10.10.100.10:443 [1]: Connecting
Nov 20 08:20:30 auth: Debug: http-client: conn 10.10.100.10:443 [1]: Waiting for connect (fd=23) to finish for max 0 msecs
Nov 20 08:20:30 auth: Debug: http-client: conn 10.10.100.10:443 [1]: HTTPS connection created (1 parallel connections exist)
Nov 20 08:20:30 auth: Debug: http-client: conn 10.10.100.10:443 [1]: Client connection failed (fd=23)
Nov 20 08:20:30 auth: Debug: http-client[1]: peer 10.10.100.10:443: Connection failed (1 connections exist, 0 pending)
Nov 20 08:20:30 auth: Debug:

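
With debug = yes, the http-client request line in the log quoted above carries the access token as part of the request URL. The following is an added example, not part of the original thread, that redacts JWT-shaped values from such a log before it is shared and lists the peers that refused the connection; the function names and the sample log lines (including the token) are constructed for the example.

```sh
#!/bin/sh
# Added example: prepare a Dovecot auth debug log for posting to a list.
LC_ALL=C; export LC_ALL

# Replace anything shaped like a compact JWT (three base64url parts, the
# first starting with "eyJ") with a fixed marker.
redact_tokens() {
    sed -E 's/eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/[REDACTED-JWT]/g'
}

# Succeeds only if no JWT-shaped value is left in the input.
safe_to_post() {
    ! grep -E -q 'eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+'
}

# Print each distinct "ip:port reason" from oauth2 connect() failures.
failed_oauth2_peers() {
    sed -n -E 's/.*oauth2 failed: connect\(([0-9.]+:[0-9]+)\) failed: (.*)$/\1 \2/p' |
        sort -u
}

# Constructed sample input; the token below is a made-up value.
sample_log() {
    cat <<'EOF'
Nov 20 08:20:30 auth: Debug: http-client[1]: request [Req1: GET https://auth.example.invalid/realms/demo/protocol/openid-connect/userinfoeyJhbGciOiJub25lIn0.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJl]: Submitted (requests left=1)
Nov 20 08:20:30 auth: Error: oauth2(user@example.invalid,10.10.40.30,): oauth2 failed: connect(10.10.100.10:443) failed: Connection refused
EOF
}

# Usage when run with a log file argument: print the redacted log.
if [ "$#" -eq 1 ] && [ -r "$1" ]; then redact_tokens <"$1"; fi
```
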
Re: Minimum configuration for Dovecot SASL only?
Hi,

I use the same setup with the following packages:

# dpkg -l |grep dovecot
ii dovecot-core 2:2.3.21-1+debian10 amd64 secure POP3/IMAP server - core files
ii dovecot-mysql 2:2.3.21-1+debian10 amd64 secure POP3/IMAP server - MySQL support

postfix main.cf Parameters:

...
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = no
...

And it works without problems.

Best
Urban

On 03.11.23 at 17:55, Nick Lockheart wrote:

I have a Dovecot IMAP server and a Postfix server on separate machines. The user information is stored in a MariaDB database that is replicated on both servers.

Postfix needs to authenticate outgoing mail against our valid user database. I believe this requires us to install a "dummy" Dovecot on the Postfix server so that Dovecot SASL can provide authentication to Postfix from the database.

I think Cyrus had a standalone Cyrus-SASL package, but Dovecot doesn't?

If I wanted to set up a Dovecot instance on the Postfix server just for the purposes of SMTP authentication, and not use it to handle any mail, what is the minimum configuration required to make that work?

Is the dovecot-common package (Debian) enough? Or do I need the full dovecot-imap package?

What protocols go in the protocols directive? Can you just make it "protocols = auth" to disable IMAP connections?

Re: auth: Panic: file oauth2-request.c assertion failed
Hi,

no one has received the same error?

In the meantime I upgraded to dovecot 2.3.20. But the error is still here.

ii dovecot-core 2:2.3.20-3+debian10 amd64 secure POP3/IMAP server - core files
ii dovecot-dbg 2:2.3.20-3+debian10 amd64 secure POP3/IMAP server - debug symbols
ii dovecot-imapd 2:2.3.20-3+debian10 amd64 secure POP3/IMAP server - IMAP daemon
ii dovecot-lmtpd 2:2.3.20-3+debian10 amd64 secure POP3/IMAP server - LMTP server
ii dovecot-managesieved 2:2.3.20-3+debian10 amd64 secure POP3/IMAP server - ManageSieve server
ii dovecot-mysql 2:2.3.20-3+debian10 amd64 secure POP3/IMAP server - MySQL support
ii dovecot-pop3d 2:2.3.20-3+debian10 amd64 secure POP3/IMAP server - POP3 daemon
ii dovecot-sieve 2:2.3.20-3+debian10 amd64 secure POP3/IMAP server - Sieve filters support

The error also produces "lmtp" and "quota-status" delays:

...
Sep 5 07:43:18 dcot-server-1 dovecot: auth: Panic: file oauth2-request.c: line 201 (oauth2_request_start): assertion failed: (oauth2_valid_token(input->token))
Sep 5 07:43:18 dcot-server-1 dovecot: auth: Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(backtrace_append+0x3d) [0x7f216adab85d] -> /usr/lib/dovecot/libdovecot.so.0(backtrace_get+0x1e) [0x7f216adab97e] -> /usr/lib/dovecot/libdovecot.so.0(+0x10091b) [0x7f216adb891b] -> /usr/lib/dovecot/libdovecot.so.0(+0x1009b1) [0x7f216adb89b1] -> /usr/lib/dovecot/libdovecot.so.0(+0x54b7c) [0x7f216ad0cb7c] -> /usr/lib/dovecot/libdovecot.so.0(+0x4605a) [0x7f216acfe05a] -> /usr/lib/dovecot/libdovecot.so.0(oauth2_passwd_grant_start+0xfa) [0x7f216ad1576a] -> dovecot/auth(db_oauth2_lookup+0x2ca) [0x55f3c150968a] -> dovecot/auth(auth_request_default_verify_plain_continue+0x2d6) [0x55f3c14ec436] -> dovecot/auth(auth_policy_check+0x2b) [0x55f3c14e671b] -> dovecot/auth(+0x29f72) [0x55f3c14f5f72] -> dovecot/auth(+0x1ad83) [0x55f3c14e6d83] -> /usr/lib/dovecot/libdovecot.so.0(+0x83db0) [0x7f216ad3bdb0] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69) [0x7f216adcee59] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x131) [0x7f216add0481] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x4c) [0x7f216adceefc] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x40) [0x7f216adcf080] -> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f216ad41e73] -> dovecot/auth(main+0x415) [0x55f3c14e0bf5] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xeb) [0x7f216aa6c09b] -> dovecot/auth(_start+0x2a) [0x55f3c14e0d8a]
Sep 5 07:43:18 dcot-server-1 dovecot: imap(4188908): Error: auth-master: login: request [959315969]: Login auth request failed: Disconnected from auth server, aborting (auth connected 4432 msecs ago, request took 21 msecs, client-pid=4184929 client-id=1741)
Sep 5 07:43:18 dcot-server-1 dovecot: auth: Fatal: master: service(auth): child 4184931 killed with signal 6 (core dumps disabled - https://dovecot.org/bugreport.html#coredumps)
Sep 5 07:43:18 dcot-server-1 dovecot: lmtp(u...@domain.com pid:4185087 session:): Error: auth-master: userdb lookup(u...@domain.com): write(auth socket) failed: Broken pipe
Sep 5 07:43:18 dcot-server-1 dovecot: lmtp(4185087): Error: lmtp-server: conn unix:pid=4188719,uid=101 [68]: rcpt u...@domain.com: Failed to lookup user u...@domain.com: Internal error occurred. Refer to server log for more information.
Sep 5 07:43:18 dcot-server-1 dovecot: quota-status(us...@domain.com pid:4185003 session:<>): Error: auth-master: userdb lookup(us...@domain.com): write(auth socket) failed: Broken pipe
Sep 5 07:43:18 dcot-server-1 dovecot: quota-status(4185003): Error: Failed to lookup user us...@domain.com: Internal error occurred. Refer to server log for more information.
...

Have you any idea how I can fix this? Perhaps there is something wrong with my configuration.

Many Thanks
Urban

On 07.12.22 at 14:49, Urban Loesch wrote:

Hi,

I'm running a postfix smtp relay server on which users are getting authenticated through sasl via the dovecot authentication service. This works without problems.

Recently I extended my configuration to authenticate users with the PLAIN mechanism against Azure AD B2C with oauth2 in the future. Important to mention is that currently no users are stored in Azure B2C. I only prepared the whole configuration and authentication falls back to mysql database.

Now sometimes I get the error below in my logs (not permanently):

...
Dec 7 11:36:49 relay-out1 dovecot: auth: Panic: file oauth2-request.c: line 201 (oauth2_request_start): assertion failed: (oauth2_valid_token(input->token))
Dec 7 11:36:49 relay-out1 dovecot:

Re: Dovecot quota and Postfix smtpd_recipient_restrictions?
Hi,

I would like to enable (the same) quota (count) for all (virtual) users, on Debian Stretch, Postfix 3.1.8, Dovecot 2.2.27, and it is not clear to me if I need to tell Postfix to communicate with the service in /etc/postfix/main.cf as here:

smtpd_recipient_restrictions =
  ...
  check_policy_service inet:mailstore.example.com:12340

I configured it like your example above and it works for me.

Best
Urban

Re: Moving Alternate Storage to another disk.
Hi,

if you have the new disk installed on the same server you can try:

- mount new disk for example in /mnt/temp
- rsync -vaWH all files + directories from the old to the new disk
- stop dovecot so no changes will happen on disks
- make a final rsync again -> should not take much time
- umount the old disk
- mount new disk to the original "alt-storage" path, so you don't have to change each soft-link in each user's directory.
- start dovecot

Not tested, but in theory it should work.

Best
Urban

On 31.12.18 at 15:02, bOnK wrote:

Hello,

Dovecot 2.3.4_3 on FreeBSD 11.2.

I have been using mdbox Alternate Storage for about two years without any problems. However, the disk containing this storage is almost full and I have to move this data to another disk, probably zpool.

Would it be okay to do the following?

1) Shut down dovecot (and mail server) so no new mail comes in.
2) Copy/move all files in ALT location to new disk, using shell commands like cp/mv/cpdup.
3) Change the path to ALT in dovecot-conf mail_location.
4) Change the 'dbox-alt-root' soft-links in each users main (INBOX) directory to point to this new location.
5) Start up dovecot and mail server.

Am I missing something or maybe there is a better way?
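
Between the final rsync and unmounting the old disk in the steps above, the two trees can be compared. The following is an added example, not part of the original thread, that does this by path, size and checksum of every file; tree_manifest and verify_alt_copy are names chosen for the example, and ownership and permissions are not compared.

```sh
#!/bin/sh
# Added example: confirm that the new alt-storage tree matches the old one
# while dovecot is stopped, before the old disk is unmounted.
LC_ALL=C; export LC_ALL

# One sorted line per entry, relative to the given root:
#   f <crc> <size> <path>   for regular files
#   d <path>                for directories
tree_manifest() {
    ( cd "$1" || exit 1
      find . -type f -exec cksum {} + | sed 's/^/f /'
      find . -type d | sed 's/^/d /'
    ) | sort
}

# Returns 0 if both trees hold the same files with the same content,
# 1 if they differ (differences are printed to stderr), 2 on usage errors.
verify_alt_copy() {
    old=$1 new=$2
    [ -d "$old" ] && [ -d "$new" ] || { echo "missing directory" >&2; return 2; }
    a=$(mktemp) && b=$(mktemp) || return 2
    tree_manifest "$old" >"$a"
    tree_manifest "$new" >"$b"
    if diff "$a" "$b" >&2; then rc=0; else rc=1; fi
    rm -f "$a" "$b"
    return "$rc"
}

# Usage: script <old alt-storage path> <new disk mount point>
if [ "$#" -eq 2 ]; then
    verify_alt_copy "$1" "$2" && echo "trees match, safe to swap mounts"
fi
```
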