Dovecot trying to fetch a directory that contains a typo, couldn't figure out where to fix it

2024-09-29 Thread Yassine Chaouche via dovecot

Dear list,

I am encountering an unusual issue where Thunderbird is incorrectly accessing my 
"Messagerie" folder.
While there are no visible errors within Thunderbird,
Dovecot logs reveal several permission-denied messages linked to the folder 
structure.

Sep 29 16:45:20 imap(a.chaou...@domain.tld): Debug: acl vfile: file /var/vmail/domain.tld/a.chaouche/dovecot/../.Messagerie/dovecot-acl not found
Sep 29 16:45:20 imap(a.chaou...@domain.tld): Error: open(/var/vmail/domain.tld/a.chaouche/dovecot/../.Messagerie/cur/-Tlevel=matching) failed: Permission denied (euid=1001(vmail) egid=1001(vmail) missing +r perm: /var/vmail/algerian-radio.dz/a.chaouche/dovecot/../.Messagerie/cur/-Tlevel=matching)
Sep 29 16:45:20 imap(a.chaou...@domain.tld): Error: open(/var/vmail/domain.tld/a.chaouche/dovecot/../.Messagerie/cur/-Tlevel=matching) failed: Permission denied (euid=1001(vmail) egid=1001(vmail) missing +r perm: /var/vmail/algerian-radio.dz/a.chaouche/dovecot/../.Messagerie/cur/-Tlevel=matching)
Sep 29 16:45:20 imap(a.chaou...@domain.tld): Info: Disconnected: Internal error occurred. Refer to server log for more information. [2024-09-29 16:45:20] in=1215 out=278901
Sep 29 16:45:20 imap(a.chaou...@domain.tld): Debug: acl vfile: file /var/vmail/domain.tld/a.chaouche/dovecot/../.Drafts/dovecot-acl not found


Notably, the path includes a suspicious "-Tlevel=matching" string, which seems 
to have originated from a typo during the use of a sieve-test command I recently used, 
something like this:

$ sieve-test -Tlevel=matching ../../dovecot/sieve/perso.sieve ./1727184793.M761376P16269.messagerie-prep\,S=4871\,W=5001\:2\,Sb -t -

Despite a thorough search of the whole Dovecot configuration directory,
no such entry for "matching" exists.

root@messagerie-prep[10.10.10.19] /var/vmail/algerian-radio.dz/a.chaouche # grep matching  -r dovecot/
root@messagerie-prep[10.10.10.19] /var/vmail/algerian-radio.dz/a.chaouche #

This issue appears exclusive to Thunderbird,
as the webmail client Roundcube functions normally,
indicating a client-specific error.

Any insights on resolving this discrepancy would be greatly appreciated.
Config below:

doveconf -n

root@messagerie-prep[10.10.10.19] /var/vmail/algerian-radio.dz/a.chaouche # 
doveconf -n
# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.16.0-6-amd64 x86_64 Debian 8.11
auth_mechanisms = plain login
auth_verbose = yes
deliver_log_format = <%f>:%s %$
disable_plaintext_auth = no
log_path = /var/log/dovecot.log
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l lport=%a service=%s ssl=%k
mail_debug = yes
mail_location = Maildir:~/../
mail_plugins = " quota acl notify mail_log"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave editheader
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = INBOX.
  separator = .
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  acl = vfile
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename append
  mail_log_fields = uid box msgid from subject
  quota = maildir:User quota
  quota_status_nouser = DUNNO
  quota_status_overquota = 552 5.2.2 Mailbox is full
  quota_status_success = DUNNO
  quota_warning = storage=95%% quota-socket 95 %u
  quota_warning2 = storage=80%% quota-socket 80 %u
  sieve = ~/.dovecot.sieve
  sieve_before = /var/vmail/mailfilters/spam.sieve
  sieve_before2 = ~/backup.sieve
  sieve_dir = ~/sieve
  sieve_extensions = +editheader
  sieve_global_dir = /var/vmail/mailfilters/
  sieve_max_redirects = 0
}
postmaster_address = r...@algerian-radio.dz
protocols = " imap lmtp sieve pop3"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
}
service imap-postlogin {
  executable = script-login /var/vmail/mailfilters/postlogin
  user = root
}
service imap {
  executable = imap
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service quota-script {
  executable = script /root/SCRIPTS/MAIL/quotawarning.sh
  unix_listener quota-socket {
    user = vmail
  }
  user = root
}
service quota-status {
  client_limit = 1
  executable = quota-status -p postfix
  unix_listener /var/spool/postfix/private/quota-status-socket {
    group = postfix
    mode = 0600
    user = postfix
  }
}
ssl_cert = :%s %$
dict_db_config =
director_doveadm_port = 0
director_mail_servers =
director_servers =
director_user_expire = 15 mins
director_username_hash = %u
disable_plaintext_auth = no
dotlock_use_excl = yes
doveadm_allowed_co
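
Added example, not part of the original post: the Error lines above show Dovecot failing on an entry inside the mailbox's cur/ directory rather than on a configuration value, so one way to look for it is to list Maildir entries whose names do not look like delivered messages or that the mail user does not own. The function names, the file-name heuristic and the constructed demo mailbox are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original post).
# Assumption: a delivered message's file name starts with a digit (the
# delivery timestamp) and contains a dot, like the message file passed to
# sieve-test above. Requires GNU find for -printf.

# maildir_strays MAILDIR OWNER
# Prints one line per suspicious entry: reason, owner, mode, path.
maildir_strays() {
    local maildir owner sub
    maildir=$1
    owner=$2
    for sub in cur new tmp; do
        [ -d "$maildir/$sub" ] || continue
        # Names that do not look like a message, for example a mistyped
        # command-line option that ended up being used as a file name.
        find "$maildir/$sub" -mindepth 1 -maxdepth 1 \
            ! -name '[0-9]*.*' \
            -printf 'odd-name\t%u\t%m\t%p\n'
        # Message-like names that the mail user does not own.
        find "$maildir/$sub" -mindepth 1 -maxdepth 1 \
            -name '[0-9]*.*' ! -user "$owner" \
            -printf 'wrong-owner\t%u\t%m\t%p\n'
    done
}

# Constructed demo mailbox: one normal message and one stray file named
# like the entry in the log. Prints the path of the demo Maildir.
demo_maildir() {
    local root
    root=$(mktemp -d) || return 1
    mkdir -p "$root/.Messagerie/cur" "$root/.Messagerie/new" "$root/.Messagerie/tmp"
    : > "$root/.Messagerie/cur/1727184793.M761376P16269.messagerie-prep,S=4871,W=5001:2,Sb"
    : > "$root/.Messagerie/cur/-Tlevel=matching"
    printf '%s\n' "$root/.Messagerie"
}

md=$(demo_maildir)
# On a server the second argument would be the mail user (vmail in the log).
maildir_strays "$md" "$(id -u)"
rm -rf -- "${md%/.Messagerie}"
```

The owner and mode columns show whether the mail user can read the entry, which is what the "missing +r perm" part of the log message is about.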

Re: auth-worker doesn't systematically log the IP

2024-07-23 Thread Yassine Chaouche via dovecot

On 7/22/24 at 18:53, Aki Tuomi via dovecot wrote:


You would probably want to use the new event based system for these logs:

event_exporter log {
   format = json
   format_args = time-rfc3339
   transport = log
}

metric auth_failed {
   filter = event=auth_request_finished and not success=yes
   exporter = log
}

Aki



Many thanks for the suggestion Aki.

Best,

--
yassine -- sysadm
+213-779 06 06 23
http://about.me/ychaouche
Looking for side gigs.
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org


auth-worker doesn't systematically log the IP

2024-07-22 Thread Yassine Chaouche via dovecot

Dear list,

look at this grep auth-worker | nl output from my dovecot log :

   166  Jul 22 15:49:47 auth-worker(24409): Info: sql(hakim.boukha...@domain.tld): unknown user
   167  Jul 22 15:49:47 auth-worker(13026): Info: sql(p...@domain.tld): unknown user
   168  Jul 22 15:53:00 auth-worker(13026): Info: sql(feriel.ab...@domain.tld,10.10.10.19): Password mismatch
   169  Jul 22 15:53:15 auth-worker(13026): Info: sql(feriel.ab...@domain.tld,10.10.10.19): Password mismatch
   170  Jul 22 15:55:26 auth-worker(13026): Info: sql(it_...@domain.tld): unknown user
   171  Jul 22 15:59:30 auth-worker(13026): Info: sql(radioaintemouchent.domain.tld,10.10.10.19): unknown user
   172  Jul 22 15:59:43 auth-worker(13026): Info: sql(mouadouss...@radioalgerie.dz): unknown user
   173  Jul 22 16:00:38 auth-worker(13026): Info: sql(it_...@domain.tld): unknown user
   174  Jul 22 16:00:58 auth-worker(13026): Info: sql(it_...@domain.tld): unknown user
   175  Jul 22 16:02:01 auth-worker(13026): Info: sql(it_...@domain.tld): unknown user
   176  Jul 22 16:09:35 auth-worker(13026): Info: sql(it_...@domain.tld): unknown user
   177  Jul 22 16:09:42 auth-worker(13026): Info: sql(p...@domain.tld): unknown user
   178  Jul 22 16:10:11 auth-worker(13026): Info: sql(it_...@domain.tld): unknown user
   179  Jul 22 16:15:37 auth-worker(13026): Info: sql(it_...@domain.tld): unknown user
   180  Jul 22 16:26:55 auth-worker(13026): Info: sql(it_...@domain.tld): unknown user
   181  Jul 22 16:32:01 auth-worker(13026): Info: sql(it_...@domain.tld): unknown user
   182  Jul 22 16:35:37 auth-worker(19555): Info: sql(it_...@domain.tld): unknown user

As you can see,
sometimes the IP addresses of the dubious login attempts are noted,
other times this crucial piece of evidence is conspicuously absent.

I am wondering what is the source of all those login attempts?
or could those be mere username lookups instead to test for mail deliverability?

Many thanks,

--
yassine -- sysadm
+213-779 06 06 23
http://about.me/ychaouche
Looking for side gigs.
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
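
Added example, not part of the original post: a small tally of auth-worker lines in the format quoted above, grouped by user, client IP (or "-" when the line carries none) and result, so the entries logged without an IP stand out. The sample lines, users, addresses and function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post).

# Constructed sample in the log format quoted above; the users and the
# 192.0.2.x address are made up. The last line is not an auth-worker line
# and must be ignored.
sample_log() {
    cat <<'EOF'
Jul 22 15:49:47 auth-worker(24409): Info: sql(alice@example.org): unknown user
Jul 22 15:53:00 auth-worker(13026): Info: sql(bob@example.org,192.0.2.19): Password mismatch
Jul 22 15:53:15 auth-worker(13026): Info: sql(bob@example.org,192.0.2.19): Password mismatch
Jul 22 15:55:26 auth-worker(13026): Info: sql(it_support@example.org): unknown user
Jul 22 15:59:30 auth-worker(13026): Info: sql(carol.example.org,192.0.2.19): unknown user
Jul 22 16:00:38 auth-worker(13026): Info: sql(it_support@example.org): unknown user
Jul 22 16:00:58 auth-worker(13026): Info: sql(it_support@example.org): unknown user
Jul 22 16:01:02 imap(bob@example.org): Info: Disconnected: Internal error occurred.
EOF
}

# Reads a Dovecot log on stdin.
# Prints: count <TAB> user <TAB> ip-or-dash <TAB> result, highest count first.
auth_worker_summary() {
    awk '
    / auth-worker\([0-9]+\): Info: / {
        # rest looks like: sql(user,ip): result   or   sql(user): result
        rest = substr($0, index($0, ": Info: ") + 8)
        lp = index(rest, "(")
        rp = index(rest, "): ")
        if (lp == 0 || rp < lp) next
        n = split(substr(rest, lp + 1, rp - lp - 1), f, ",")
        ip = (n >= 2) ? f[2] : "-"
        seen[f[1] "\t" ip "\t" substr(rest, rp + 3)]++
    }
    END { for (k in seen) printf "%d\t%s\n", seen[k], k }
    ' | sort -t "$(printf '\t')" -k1,1nr -k2,2
}

# Number of auth-worker events that were logged without a client IP.
count_without_ip() {
    auth_worker_summary | awk -F '\t' '$3 == "-" { n += $1 } END { print n + 0 }'
}

sample_log | auth_worker_summary
printf 'events without IP: %s\n' "$(sample_log | count_without_ip)"
```

On a server the input would be the real log, for example `auth_worker_summary < /var/log/dovecot.log`.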


Re: dovecot sasl support

2019-03-24 Thread Yassine Chaouche via dovecot

On 3/24/19 10:01 AM, Wojciech Puchar via dovecot wrote:




so it will listen on the same socket.


the effect with sendmail is as below

Mar 23 21:23:29 <2.3> puchar dovecot: auth: Error: Authentication 
client not compatible with this server (mixed old and new binaries?)



do i need to specify something while compiling sendmail to make it 
compatible?



solved by setting saslauthd to authenticate over imap - through 
dovecot server.

testsaslauthd shows it works fine.


The optimum setup though would be to auth directly against dovecot. A 
redirection through saslauthd seems unnecessary.


> but it seems sendmail strips domain name from entered login.

What backend do you use for authentication ? (system / virtual users ?)

Yassine.



Re: Dovecot quota and Postfix smtpd_recipient_restrictions?

2019-03-23 Thread Yassine Chaouche via dovecot

On 3/21/19 10:17 PM, Davide Marchi via dovecot wrote:



I've a doubt (again): Is it correct, the space between 
"[..]service" and "inet[..]"? As suggested here: 
https://blog.sys4.de/postfix-dovecot-mailbox-quota-en.html


I've run:

postconf smtpd_recipient_restrictions=check_policy_service inet:mailstore.example.com:12340


but obtain the error:

postconf: fatal: missing '=' after attribute name: 
"inet:mailstore.example.com:12340"


Please, which is the correct syntax? :-)


Thanks again!

Davide


Davide,

I think this is the shell that is giving three arguments to postconf 
instead of just one (because of the space). In order to disable this, 
you might want to try to put the whole argument between quotes. You also 
forgot to give the command the -e switch in order to edit the main.cf 
file. Try :


postconf -e smtpd_recipient_restrictions="check_policy_service inet:mailstore.example.com:12340"


Yassine.



Re: dovecot.sieve shows up as a mailbox

2019-03-21 Thread Yassine Chaouche via dovecot

On 3/21/19 4:13 PM, Aki Tuomi via dovecot wrote:

On 21 March 2019 17:05 Yassine Chaouche via dovecot  wrote:

[...]
While not very intuitive, I have :

mail_home = /var/mail/vmail/%d/%n/dovecot
mail_location = maildir:~/..

Which works for me ^^'

Yassine.

Except it would have the same problem, but with 'dovecot' as folder under some 
configurations.

Aki


Well, none of my users have reported they can see that folder. I myself 
use webmail, thunderbird on my PC and k9 mail on my phone and don't see 
that folder in any of these clients.


Yassine.



Re: dovecot.sieve shows up as a mailbox

2019-03-21 Thread Yassine Chaouche via dovecot

On 3/21/19 3:57 PM, Aki Tuomi via dovecot wrote:

This is because you have a very common misconfiguration, which is that your 
mail_home and mail_location are pointing to the same directory, and that leads to 
this problem.

Solution is of course to use:

mail_home = /var/mail/vmail/%d/%n
mail_location = maildir:~/Mail

Aki


While not very intuitive, I have :

mail_home = /var/mail/vmail/%d/%n/dovecot
mail_location = maildir:~/..

Which works for me ^^'

Yassine.



Re: Dovecot quota and Postfix smtpd_recipient_restrictions?

2019-03-20 Thread Yassine Chaouche via dovecot

On 3/19/19 6:00 PM, Davide Marchi via dovecot wrote:

[...] is not clear for me if I need to tell Postfix to communicate 
with the service in /etc/postfix/main.cf as here:



smtpd_recipient_restrictions =
    ...
    check_policy_service inet:mailstore.example.com:12340

Davide


Hey Davide,

You don't *have* to, but you can. Now whether you should or shouldn't is 
up to you. The downside of enabling this is that if John is over quota, 
then if you try to send a mail to three recipients John, Mary and 
Socrates postfix will refuse to relay mail for any of them, even if only 
John is over quota. This has confused my users who couldn't understand 
why things were like this, but apparently this is how postfix is 
designed to work ? (or is it a protocol limitation ?)


I don't know if other people here can testify of this or have they found 
a way to circumvent this ? (or more likely is it simply a bad 
configuration on my part ^:^' ?)


Yassine.




Re: testing dovecot LMTP with postfix/spamassassin

2019-03-17 Thread Yassine Chaouche via dovecot

On 3/17/19 11:59 AM, Yassine Chaouche via dovecot wrote:

On 3/17/19 11:10 AM, Marek Kozlowski via dovecot wrote:


Thank you but...
Please mind that I'm planning to use dovecot LMTP rather than LDA.

Best regards,
Marek 


There's /usr/lib/dovecot/lmtp too

Yassine.


Here's a bad example :

root@messagerie[10.10.10.19] ~ # /usr/lib/dovecot/lmtp
220 messagerie.algerian-radio.dz Dovecot ready.
Info: Connect from local
EHLO
502 5.5.2 Unknown command
HELO
502 5.5.2 Unknown command
LHLO localhost
250-messagerie.algerian-radio.dz
250-8BITMIME
250-ENHANCEDSTATUSCODES
250 PIPELINING
TO:a.chaouche
502 5.5.2 Unknown command
MAIL FROM:ush...@us.gov
501 5.5.4 Invalid parameters
MAIL FROM:
250 2.1.0 OK
RCPT TO:a.chaou...@algerian-radio.dz
501 5.5.4 Invalid parameters
RCPT TO:
250 2.1.5 OK
DATA
354 OK
Subject: Just a test

This is the body of the mail

.
lmtp(11746, a.chaou...@algerian-radio.dz): Info: copy from : 
box=INBOX, uid=12210, msgid=, from=, subject=Just a test
lmtp(11746, a.chaou...@algerian-radio.dz): Info: dzRBHgkqjlziLQAArJM0yg: 
sieve: <>:Just a test stored mail into mailbox 'INBOX'

250 2.0.0  dzRBHgkqjlziLQAArJM0yg Saved


It's missing a lot of important fields I guess, but it made it to my 
inbox ^^'





Re: testing dovecot LMTP with postfix/spamassassin

2019-03-17 Thread Yassine Chaouche via dovecot

On 3/17/19 11:10 AM, Marek Kozlowski via dovecot wrote:


Thank you but...
Please mind that I'm planning to use dovecot LMTP rather than LDA.

Best regards,
Marek 


There's /usr/lib/dovecot/lmtp too

Yassine.



Re: testing dovecot LMTP with postfix/spamassassin

2019-03-17 Thread Yassine Chaouche via dovecot



On 3/16/19 3:49 PM, Marek Kozlowski via dovecot wrote:
Can I test local mail delivery by dovecot LMTP manually? I mean: to 
simulate "I'm the Postfix" and produce for some testing e-mail the 
same effect as postfix granting it via `local_transport' to dovecot?


Best regards,
Marek


You can use dovecot-lda like this :

cat <

Re: How to create sent items, drafts and so on

2019-03-17 Thread Yassine Chaouche via dovecot

On 3/17/19 8:59 AM, Sakuma, Koshiro via dovecot wrote:

Hello,
I've set up Dovecot and Postfix mailing systems.  The protocol is 
imap.  Now, I've realized that there are no "sent items, drafts" boxes 
under Maildir for each user.  I would like to take back up Inbox, 
sent items, draft boxes.  For sent items box, it seems to be stored in 
outlook client file which is "ost".  The configuration parameters and 
version is as follows.  I can see that "namespace" has been 
configured.  How can I setup to see these folders?


Thank you for your support!


I believe these folders (sent, draft etc.) are created by the MUA on 
first IMAP connection. Can you confirm that these folders are created 
when you connect to your IMAP account for the first time via a mail client ?


If you are accessing your e-mail via a webmail, make sure to configure 
your webmail to create those folders for you. For example, with 
roundcube the config is :


$config['drafts_mbox']    = 'INBOX.Drafts';
$config['junk_mbox']  = 'INBOX.Junk';
$config['sent_mbox']  = 'INBOX.Sent';
$config['trash_mbox'] = 'INBOX.Trash';
$config['create_default_folders'] = true;

Yassine.




Re: Unable to set quota-fs plugin [fixed]

2019-03-17 Thread Yassine Chaouche via dovecot

I'm happy you fixed it ! how did you figure that out ?

Yassine.

On 3/15/19 10:16 AM, Eric Grammatico via dovecot wrote:

The issue was in the systemd service file. The option PrivateDevices was 
set. It prevents the service from having access to physical devices. I removed 
this option and from there, quota is reported without errors.

Thanks for your support

Regards,

-
Eric Grammatico _/)


14 March 2019 16:42 "Eric Grammatico" wrote:

Sure !!

I got it ! I have connected with kmail, which keeps the imap opened and which 
has generated the
error several times during the session. Please find attached the strace.

Not sure this strace will help. I executed '/usr/libexec/dovecot/imap -u eric' 
and typed the same
command as in the strace and it worked

Could someone have a look in the strace and suggest some ideas to progress ?

Thanks and best regards,

-
Eric Grammatico _/)

14 March 2019 16:08 "Yassine Chaouche via dovecot" wrote:


How I'd love if I could just launch dovecot (with symbols) in a debugger, set a 
breakpoint in the
right function call, and login from Rainloop. Then I could run the process one 
step at a time and
inspect everything...

Yassine.

On 3/14/19 3:59 PM, Eric Grammatico via dovecot wrote:


The error is generated when a user connects from a client (RainLoop, a web 
UI). I don't know if
the client requests the quota or if it's automagically pushed from the imap 
process. I'd say the
client requests. My problem is the process imap generating the error is 
launched just before and
stopped right after the error is raised and thus quite difficult to trace the 
process.

-
Eric Grammatico _/)

14 March 2019 15:46 "Yassine Chaouche via dovecot" wrote:

On 3/14/19 3:40 PM, Eric Grammatico via dovecot wrote:


Hi there,

Well.. I didn't find a way to strace imap. If I understood well, the faulty 
IMAP is launched by
dovecot from or after a successful imap-login process. I have executed manually
'/usr/libexec/dovecot/imap -u eric' and typed getquotaroot "INBOX" which didn't 
reproduce the error
seen in the dovecot logs and reported the correct quota.

Any idea how to find the imap command generating the error

imap(eric)<3085>: Error: Failed to get quota resource 
STORAGE: quota-fs:
quotactl(Q_GETQUOTA, /dev/vda1) failed: No such file or directory

Thanks and regards,
-
Eric Grammatico _/)

How did you get that error in the first place ? :p

Yassine.


Re: Unable to set quota-fs plugin

2019-03-14 Thread Yassine Chaouche via dovecot
How I'd love if I could just launch dovecot (with symbols) in a 
debugger, set a breakpoint in the right function call, and login from 
Rainloop. Then I could run the process one step at a time and inspect 
everything...


Yassine.

On 3/14/19 3:59 PM, Eric Grammatico via dovecot wrote:

The error is generated when a user connects from a client (RainLoop, a web 
UI). I don't know if the client requests the quota or if it's automagically 
pushed from the imap process. I'd say the client requests. My problem is the 
process imap generating the error is launched just before and stopped right 
after the error is raised and thus quite difficult to trace the process.

-
Eric Grammatico _/)


14 March 2019 15:46 "Yassine Chaouche via dovecot" wrote:

On 3/14/19 3:40 PM, Eric Grammatico via dovecot wrote:


Hi there,

Well.. I didn't find a way to strace imap. If I understood well, the faulty 
IMAP is launched by
dovecot from or after a successful imap-login process. I have executed manually
'/usr/libexec/dovecot/imap -u eric' and typed getquotaroot "INBOX" which didn't 
reproduce the error
seen in the dovecot logs and reported the correct quota.

Any idea how to find the imap command generating the error

imap(eric)<3085>: Error: Failed to get quota resource 
STORAGE: quota-fs:
quotactl(Q_GETQUOTA, /dev/vda1) failed: No such file or directory

Thanks and regards,
-
Eric Grammatico _/)

How did you get that error in the first place ? :p

Yassine.


Re: Unable to set quota-fs plugin

2019-03-14 Thread Yassine Chaouche via dovecot

On 3/14/19 3:40 PM, Eric Grammatico via dovecot wrote:

Hi there,

Well.. I didn't find a way to strace imap. If I understood well, the faulty IMAP is 
launched by dovecot from or after a successful imap-login process. I have executed 
manually '/usr/libexec/dovecot/imap -u eric' and typed getquotaroot "INBOX" 
which didn't reproduce the error seen in the dovecot logs and reported the correct quota.

Any idea how to find the imap command generating the error

imap(eric)<3085>: Error: Failed to get quota resource 
STORAGE: quota-fs: quotactl(Q_GETQUOTA, /dev/vda1) failed: No such file or directory

Thanks and regards,
-
Eric Grammatico _/)


How did you get that error in the first place ? :p

Yassine.



Re: regarding ssl certificates

2019-03-14 Thread Yassine Chaouche via dovecot

On 3/14/19 11:46 AM, mick crane via dovecot wrote:

Excuse dopey question.
I'm not exactly clear about certificates.
Apache2 default install has this snake oil certificate
Can make a new one for apache
Can make one for dovecot
Can make one for ssl
Is there supposed to be the one (self signed ) certificate pair in one 
place for the machine that each process hands out ?

Can they be moved to another machine ?

mick


Not a dovecot specific question, but I use the same certificate for 
apache, dovecot and postfix, for my domain name, on any number of 
machines, except they must all have the same hostname (they don't all 
have the same name at the same time).


I see no difference between a self-signed certificate and a broken 
certificate. In both cases you have warnings in the browser/mail client. 
In both cases you need to hit the "accept anyway" button.


Yassine.



Re: Unable to set quota-fs plugin

2019-03-14 Thread Yassine Chaouche via dovecot

On 3/14/19 9:53 AM, Yassine Chaouche via dovecot wrote:


On 3/13/19 2:10 PM, Eric Grammatico via dovecot wrote:

Thanks Aki,

Please find attached strace for imap and quota-status which report an 
error at the end.


Regards,


write(2, "/usr/libexec/dovecot/quota-statu"..., 
57/usr/libexec/dovecot/quota-status: invalid option -- 'u'


Please retry with the good options (-u is invalid)

Yassine.


Ah, that seems to be the service that is called by the MTA before 
delivering the mail to the LDA, in case the user is over quota, so that 
the MTA may bounce the e-mail right away instead of accepting it first 
then bouncing afterwards (after the LDA refuses the message).


But according to the error message you posted on your first e-mail, the 
error happens with imap, I don't know if quota-status is involved here 
(might be) ?


In any case, I would concentrate on imap and not quota-status. Nothing 
in the imap strace shows any trace of errors. Particularly, I was looking 
for a quotactl line in the strace, but I couldn't find it.


On the other hand, it is present in the doveadm quota strace, and has 
completed successfully


dovecot.strace:quotactl(QCMD(Q_GETQUOTA, USRQUOTA), "/dev/vda1", 1000, 
{dqb_bhardlimit=4194304, dqb_bsoftlimit=3170304, dqb_curspace=638853120, 
dqb_ihardlimit=0, dqb_isoftlimit=0, dqb_curinodes=12784, ...}) = 0


Someone has to tell us under what conditions will the imap daemon check 
for quota (at login ? at delivery or any other action involving moving 
mail around like copying or expunging ?)



For the quota-status libexec, I have set it to run with quota-status -f 
postfix but your setup may vary (if it's ever configured).  If it is 
running, you can just grep its pid with pgrep quota-status then strace 
-p $PID and see how it behaves (wait until a quota operation is needed).



Yassine.



Re: Am I right to assume certificate renewal with the same filename requires a dovecot reload/restart

2019-03-14 Thread Yassine Chaouche via dovecot

On 3/14/19 9:55 AM, Patrick Cernko via dovecot wrote:

[...] the way we have configured exim, it neither needs reload or 
restart but reads the certificate file every time it has to use it.


What happens if you goof off in the middle of an operation, temporarily 
putting a wrong file instead of the new certificate, and exim starts 
delivering the new broken certificate right away ? or breaks ? or 
clients can't connect anymore with TLS ? or don't connect at all if you 
don't allow non-TLS connections ?


Yassine.



Re: Unable to set quota-fs plugin

2019-03-14 Thread Yassine Chaouche via dovecot



On 3/13/19 2:10 PM, Eric Grammatico via dovecot wrote:

Thanks Aki,

Please find attached strace for imap and quota-status which report an error at 
the end.

Regards,


write(2, "/usr/libexec/dovecot/quota-statu"..., 
57/usr/libexec/dovecot/quota-status: invalid option -- 'u'


Please retry with the good options (-u is invalid)

Yassine.




Re: Am I right to assume certificate renewal with the same filename requires a dovecot reload/restart

2019-03-14 Thread Yassine Chaouche via dovecot

On 3/14/19 9:32 AM, Yassine Chaouche via dovecot wrote:
The general answer here is try and see, as you could totally test it 
on your own. The certificate is read at startup and put in memory for 
the rest of the execution time. Dovecot won't monitor the file for 
changes on disk, as this would waste CPU cycles and make dovecot only 
slower for no reason. The process (or person) that changes the file is 
responsible to restart dovecot to reload the new certificate in memory.


Yassine.


I should mention that this is also true for Apache and postfix.

Yassine.



Re: Am I right to assume certificate renewal with the same filename requires a dovecot reload/restart

2019-03-14 Thread Yassine Chaouche via dovecot
The general answer here is try and see, as you could totally test it on 
your own. The certificate is read at startup and put in memory for the 
rest of the execution time. Dovecot won't monitor the file for changes 
on disk, as this would waste CPU cycles and make dovecot only slower for 
no reason. The process (or person) that changes the file is responsible 
to restart dovecot to reload the new certificate in memory.


Yassine.

On 3/14/19 9:14 AM, Guido Goluke, MajorLabel via dovecot wrote:
Running dovecot 2.2, apologies if this question has been asked before: 
I've done the research but couldn't find anything.


I run a server that uses dovecot as a MUA for Postfix and have a Let's 
Encrypt certificate that auto-renews through certbot on Ubuntu server 
16.04. Dovecot did not pick up on the new certificate for the 
hostname. It did after a restart. To be clear: Let's Encrypt 
overwrites the previous certificate using the same path and filename. 
Am I right to assume that Dovecot needs a reload/restart after the 
certificate has been renewed in order to 'pick up' on the new 
certificate and if so, would I require a reload or a restart?


Thank you in advance



Re: Unable to set quota-fs plugin

2019-03-13 Thread Yassine Chaouche via dovecot


On 3/13/19 10:14 AM, Eric Grammatico via dovecot wrote:

[...]
Mar 11 17:56:20 mail.xxx.xx dovecot[4923]: 
imap()<4939>: Error: Failed to get quota 
resource STORAGE: quota-fs: quotactl(Q_GETQUOTA, /dev/vda1) failed: No 
such file or directory


That's odd, I usually see s*da (not *v*da) in most systems I've worked 
with, as in *S*csi Drive A.


Yassine.



Re: sieve vacation to an alias group

2019-03-10 Thread Yassine Chaouche via dovecot



On 3/10/19 12:35 PM, Monis Monther via dovecot wrote:

[...]

This is actually what I have done now, but I want it to be more 
robust, if this user quits, then I must have someone else in the group 
with the rule.

[...]


Yeah, a multipurpose, reusable notificati...@domain.tld fake / bot email 
account :)


Yassine.



Re: sieve vacation to an alias group

2019-03-10 Thread Yassine Chaouche via dovecot
Since sending to the alias will send to a, b and c, just define the 
filter on one mailbox only instead of making it global I guess.


Yassine.

On 3/10/19 11:51 AM, Yassine Chaouche via dovecot wrote:


I am curious to know how did you define the filter on an alias in the 
first place ? is it a filter defined globally in dovecot ? I don't see 
how it can be defined in any individual mailbox. Can you show the 
dovecot/sieve configuration to achieve this ?


Yassine.

On 3/10/19 11:40 AM, Monis Monther via dovecot wrote:

Hi Yassine,

Thanks for the effort, unfortunately, we cannot turn it into an 
actual mailbox, this is a long story that I don't want to include 
here. but it would not be a valid option in our environment. Any 
other ideas


Is it possible to do it with vacation? Is there another auto 
responder or plugin that can achieve this? How do ticketing systems 
handle this?


Thanks
Monis

On Sun, Mar 10, 2019 at 11:13 AM Yassine Chaouche via dovecot <dovecot@dovecot.org> wrote:



On 3/10/19 9:07 AM, Yassine Chaouche via dovecot wrote:


On 3/9/19 12:41 PM, Monis Monther via dovecot wrote:


Hi,

We have an alias group named x...@example.com, this alias group has 3 actual users
a...@example.com, b...@example.com and c...@example.com

We set vacation rule on the generic sieve rule, the problem is
that 3 responses are sent to the original sender. (obviously
because the rule is being executed with each user in the alias
group)

Is it possible to set auto response only once, we tried the (
:days 1) option but still all 3 respond back.

How can such a setup be achieved. (Single auto response to an
alias group)

CentOS 7.5
dovecot-pigeonhole-2.3.4.1-1.x86_64
dovecot-2.3.4.1-1.x86_64
postfix 2.10-1


-- 
Best Regards

Monis


Hello Monis,

As a workaround, you can turn x...@example.com into an actual mailbox and give
a...@example.com, b...@example.com and c...@example.com
read-only shared folder access.

Yassine.



As a request for comments and improvements, here's my script to
share folders via acl files and symlinks (dovecot must be
configured accordingly) :

root@messagerie[10.10.10.19] /usr/local/scripts/mail # cat sharemailbox.single
#!/bin/bash

# Create the symlink that exposes the shared mailbox inside the
# recipient's Maildir.
function create_link {
    l_src=$1
    l_dst=$2
    l_maildir=$3
    # Dots in the mailbox name are replaced in the link name.
    t_maildir=$(echo "$l_maildir" | tr . ․)
    t_dst="$l_dst"/.shared."$t_maildir"
    echo pointing "$t_dst" to "$l_src"
    echo ln -s "$l_src/" "$t_dst"
    ln -s "$l_src/" "$t_dst"
}

# Check that the address exists in the user database.
function verifier_email {
    l_email=$1
    if ! searchmailbox.strict.sql "$l_email" > /dev/null
    then
        echo "l'utilisateur $l_email n'a pas pu être trouvé dans la base de données." >&2
        return 1
    fi
    return 0
}

# Append a lookup+read (lr) entry for the user to the mailbox's dovecot-acl.
function set_acl {
    l_maildir=$1
    l_email=$2
    echo "giving $l_email access to $l_maildir"
    if [ ! -d "$l_maildir" ]
    then
        #.Sent isn't there yet.
        return
    fi
    acl_file="$l_maildir/dovecot-acl"
    echo "echo user=$l_email lr >> $acl_file"
    echo user="$l_email" lr >> "$acl_file"
    chown vmail:vmail "$acl_file"
}


if [ "$#" -lt 2 ]
then
    echo "usage : $0 part...@domain.com us...@domain.com us...@domain.com ... "
    exit 1
fi

email="$1"
inbox="${email%@*}"
domain="${email#*@}"
src="/var/vmail/$domain/$inbox"
if ! verifier_email "$email"
then
    echo "exit at 1"
    exit 1
fi


shift
# Quote "$@" so each address stays one word.
for share_email in "$@"
do
    if ! verifier_email "$share_email"
    then
        continue
    fi
    share_inbox="${share_email%@*}"
    share_domain="${share_email#*@}"
    share_maildir=/var/vmail/"$share_domain"/"$share_inbox"
    #echo grep "$share_email" "$src"/dovecot-acl
    # -F: match the address literally, not as a regular expression.
    if grep -qF -- "$share_email" "$src"/dovecot-acl 2> /dev/null
    then
        # then is executed when exit status is 0
        # exit status is 0 when there is a match
        echo "$share_email" has already access to "$email"
    else
        set_acl "$src" "$share_email"
        create_link "$src" "$share_maildir" "$inbox"
    fi
done
root@messagerie[10.10.10.19] /usr/local/scripts/mail #



--
Best Regards
Monis


Re: sieve vacation to an alias group

2019-03-10 Thread Yassine Chaouche via dovecot
I am curious to know how did you define the filter on an alias in the 
first place ? is it a filter defined globally in dovecot ? I don't see 
how it can be defined in any individual mailbox. Can you show the 
dovecot/sieve configuration to achieve this ?


Yassine.

On 3/10/19 11:40 AM, Monis Monther via dovecot wrote:

Hi Yassine,

Thanks for the effort, unfortunately, we cannot turn it into an actual 
mailbox, this is a long story that I don't want to include here, but 
it would not be a valid option in our environment. Any other ideas?


Is it possible to do it with vacation? Is there another auto responder 
or plugin that can achieve this? How do ticketing systems handle this?


Thanks
Monis

On Sun, Mar 10, 2019 at 11:13 AM Yassine Chaouche via dovecot <dovecot@dovecot.org> wrote:



On 3/10/19 9:07 AM, Yassine Chaouche via dovecot wrote:


On 3/9/19 12:41 PM, Monis Monther via dovecot wrote:


Hi,

We have an alias group named x...@example.com, this alias group has
3 actual users a...@example.com, b...@example.com and c...@example.com

We set vacation rule on the generic sieve rule, the problem is
that 3 responses are sent to the original sender. (obviously
because the rule is being executed with each user in the alias
group)

Is it possible to set auto response only once, we tried the (
:days 1) option but still all 3 respond back.

How can such a setup be achieved. (Single auto response to an
alias group)

CentOS 7.5
dovecot-pigeonhole-2.3.4.1-1.x86_64
dovecot-2.3.4.1-1.x86_64
postfix 2.10-1


-- 
Best Regards

Monis


Hello Monis,

As a workaround, you can turn x...@example.com into an actual
mailbox and give a...@example.com, b...@example.com and
c...@example.com read-only shared folder access.

Yassine.



As a request for comments and improvements, here's my script to
share folders via acl files and symlinks (dovecot must be
configured accordingly) :

root@messagerie[10.10.10.19] /usr/local/scripts/mail # cat sharemailbox.single
#!/bin/bash

# Symlink the shared maildir into the recipient's maildir as .shared.<name>.
function create_link {
    l_src=$1
    l_dst=$2
    l_maildir=$3
    # "." is replaced by the look-alike "․" (U+2024) in the link name.
    # Bash substitution is used because a byte-oriented tr cannot emit
    # a multi-byte character.
    t_maildir=${l_maildir//./․}
    t_dst="$l_dst"/.shared."$t_maildir"
    echo pointing "$t_dst" to "$l_src"
    echo ln -s "$l_src/" "$t_dst"
    ln -s "$l_src/" "$t_dst"
}


# Succeeds only if the address exists in the mailbox database.
function verifier_email {
    l_email=$1
    if ! searchmailbox.strict.sql "$l_email" > /dev/null
    then
        echo "l'utilisateur $l_email n'a pas pu être trouvé dans la base de données." >&2
        return 1
    fi
    return 0
}

# Append a lookup+read (lr) entry for the user to the maildir's dovecot-acl.
function set_acl {
    l_maildir=$1
    l_email=$2
    echo "giving $l_email access to $l_maildir"
    if [ ! -d "$l_maildir" ]
    then
        #.Sent isn't there yet.
        return
    fi
    acl_file="$l_maildir/dovecot-acl"
    echo "echo user=$l_email lr >> $acl_file"
    echo user="$l_email" lr >> "$acl_file"
    chown vmail:vmail "$acl_file"
}


if [ "$#" -lt 2 ]
then
    echo "usage : $0 part...@domain.com us...@domain.com us...@domain.com ... "
    exit 1
fi

email="$1"
inbox="${email%@*}"
domain="${email#*@}"
src="/var/vmail/$domain/$inbox"
if ! verifier_email "$email"
then
    echo "exit at 1"
    exit 1
fi


shift
for share_email in "$@"
do
    if ! verifier_email "$share_email"
    then
        continue
    fi
    share_inbox="${share_email%@*}"
    share_domain="${share_email#*@}"
    share_maildir=/var/vmail/"$share_domain"/"$share_inbox"
    #echo grep "$share_email" "$src"/dovecot-acl
    # -F matches the address literally; "user=" and the trailing space
    # keep one address from matching inside a longer one.
    if grep -qF -- "user=$share_email " "$src"/dovecot-acl 2>/dev/null
    then
        # then is executed when exit status is 0
        # exit status is 0 when there is a match
        echo "$share_email" has already access to "$email"
    else
        set_acl "$src" "$share_email"
        create_link "$src" "$share_maildir" "$inbox"
    fi
done
root@messagerie[10.10.10.19] /usr/local/scripts/mail #



--
Best Regards
Monis


Re: sieve vacation to an alias group

2019-03-10 Thread Yassine Chaouche via dovecot


On 3/10/19 9:07 AM, Yassine Chaouche via dovecot wrote:


On 3/9/19 12:41 PM, Monis Monther via dovecot wrote:


Hi,

We have an alias group named x...@example.com, this alias group has 
3 actual users a...@example.com, b...@example.com and c...@example.com


We set vacation rule on the generic sieve rule, the problem is that 3 
responses are sent to the original sender. (obviously because the 
rule is being executed with each user in the alias group)


Is it possible to set auto response only once, we tried the ( :days 
1) option but still all 3 respond back.


How can such a setup be achieved. (Single auto response to an alias 
group)


CentOS 7.5
dovecot-pigeonhole-2.3.4.1-1.x86_64
dovecot-2.3.4.1-1.x86_64
postfix 2.10-1


--
Best Regards
Monis


Hello Monis,

As a workaround, you can turn x...@example.com into an actual mailbox 
and give a...@example.com, b...@example.com and c...@example.com read-only 
shared folder access.


Yassine.



As a request for comments and improvements, here's my script to share 
folders via acl files and symlinks (dovecot must be configured 
accordingly) :


root@messagerie[10.10.10.19] /usr/local/scripts/mail # cat sharemailbox.single

#!/bin/bash

# Symlink the shared maildir into the recipient's maildir as .shared.<name>.
function create_link {
    l_src=$1
    l_dst=$2
    l_maildir=$3
    # "." is replaced by the look-alike "․" (U+2024) in the link name.
    # Bash substitution is used because a byte-oriented tr cannot emit
    # a multi-byte character.
    t_maildir=${l_maildir//./․}
    t_dst="$l_dst"/.shared."$t_maildir"
    echo pointing "$t_dst" to "$l_src"
    echo ln -s "$l_src/" "$t_dst"
    ln -s "$l_src/" "$t_dst"
}


# Succeeds only if the address exists in the mailbox database.
function verifier_email {
    l_email=$1
    if ! searchmailbox.strict.sql "$l_email" > /dev/null
    then
        echo "l'utilisateur $l_email n'a pas pu être trouvé dans la base de données." >&2
        return 1
    fi
    return 0
}

# Append a lookup+read (lr) entry for the user to the maildir's dovecot-acl.
function set_acl {
    l_maildir=$1
    l_email=$2
    echo "giving $l_email access to $l_maildir"
    if [ ! -d "$l_maildir" ]
    then
        #.Sent isn't there yet.
        return
    fi
    acl_file="$l_maildir/dovecot-acl"
    echo "echo user=$l_email lr >> $acl_file"
    echo user="$l_email" lr >> "$acl_file"
    chown vmail:vmail "$acl_file"
}


if [ "$#" -lt 2 ]
then
    echo "usage : $0 part...@domain.com us...@domain.com us...@domain.com ... "
    exit 1
fi

email="$1"
inbox="${email%@*}"
domain="${email#*@}"
src="/var/vmail/$domain/$inbox"
if ! verifier_email "$email"
then
    echo "exit at 1"
    exit 1
fi


shift
for share_email in "$@"
do
    if ! verifier_email "$share_email"
    then
        continue
    fi
    share_inbox="${share_email%@*}"
    share_domain="${share_email#*@}"
    share_maildir=/var/vmail/"$share_domain"/"$share_inbox"
    #echo grep "$share_email" "$src"/dovecot-acl
    # -F matches the address literally; "user=" and the trailing space
    # keep one address from matching inside a longer one.
    if grep -qF -- "user=$share_email " "$src"/dovecot-acl 2>/dev/null
    then
        # then is executed when exit status is 0
        # exit status is 0 when there is a match
        echo "$share_email" has already access to "$email"
    else
        set_acl "$src" "$share_email"
        create_link "$src" "$share_maildir" "$inbox"
    fi
done
root@messagerie[10.10.10.19] /usr/local/scripts/mail #
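
An added example, not part of the original post and not Dovecot's own code: an exact-match lookup and an idempotent append for a dovecot-acl file of the kind the script above writes. The function names acl_rights and acl_grant and the sample addresses are made up for the illustration; it assumes identifiers contain no spaces and that lines starting with "#" are comments.

```bash
#!/bin/bash
# Added example: exact-match lookup and idempotent append for a dovecot-acl
# file whose lines look like "user=<address> <rights>".

# acl_rights FILE ADDRESS
# Prints the rights of the entry whose identifier is exactly user=ADDRESS.
# Returns 1 when no entry names that address (or the file is missing).
acl_rights() {
    local file=$1 address=$2
    [ -f "$file" ] || return 1
    # The identifier is passed through the environment so awk compares it
    # as a plain string: no regex, no substring match.
    ACL_ID="user=$address" awk '
        /^[ \t]*(#|$)/ { next }        # assumption: "#" lines are comments
        $1 == ENVIRON["ACL_ID"] { print $2; found = 1; exit }
        END { exit !found }
    ' "$file"
}

# acl_grant FILE ADDRESS RIGHTS
# Appends "user=ADDRESS RIGHTS" unless the address already has an entry.
# Returns 2 for input that would write a malformed or extra ACL line.
acl_grant() {
    local file=$1 address=$2 rights=$3
    case $address in
        ''|*[[:space:]]*) return 2 ;;  # a space or newline would forge a field or an entry
    esac
    case $rights in
        ''|*[!a-z]*) return 2 ;;       # rights are lowercase letters such as "lr"
    esac
    if acl_rights "$file" "$address" > /dev/null
    then
        return 0                       # already listed: keep the existing rights
    fi
    printf 'user=%s %s\n' "$address" "$rights" >> "$file"
}

# Demo on a constructed ACL file (addresses are made up).
acl_demo() {
    local acl
    acl=$(mktemp) || return 1
    printf '%s\n' '# constructed sample' 'user=bob.smith@example.com lr' > "$acl"
    echo "bob.smith: $(acl_rights "$acl" bob.smith@example.com)"
    # A substring search for smith@example.com would hit bob.smith's line.
    acl_rights "$acl" smith@example.com > /dev/null || echo "smith: no entry"
    acl_grant "$acl" smith@example.com lr
    acl_grant "$acl" smith@example.com lr     # second call adds nothing
    cat "$acl"
    rm -f "$acl"
}

acl_demo
```
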



Re: sieve vacation to an alias group

2019-03-10 Thread Yassine Chaouche via dovecot

On 3/9/19 12:41 PM, Monis Monther via dovecot wrote:


Hi,

We have an alias group named x...@example.com, this alias group has 
3 actual users a...@example.com, b...@example.com and c...@example.com


We set vacation rule on the generic sieve rule, the problem is that 3 
responses are sent to the original sender. (obviously because the rule 
is being executed with each user in the alias group)


Is it possible to set auto response only once, we tried the ( :days 1) 
option but still all 3 respond back.


How can such a setup be achieved. (Single auto response to an alias group)

CentOS 7.5
dovecot-pigeonhole-2.3.4.1-1.x86_64
dovecot-2.3.4.1-1.x86_64
postfix 2.10-1


--
Best Regards
Monis


Hello Monis,

As a workaround, you can turn x...@example.com into an actual mailbox and 
give a...@example.com, b...@example.com and c...@example.com read-only shared 
folder access.


Yassine.



Re: readonly archive folders using squashfs

2019-03-09 Thread Yassine Chaouche via dovecot
For every u...@domain.tld I created a u...@backup.domain.tld where he 
could look up deleted messages (archive).


I then made u...@backup.domain.tld's cur directory a shared directory to 
u...@domain.tld but only with read privileges. So, anytime the user 
wants to read his old messages, he only needs to read his .archive 
folder, which is u...@backup.domain.tld's cur. No need to make the 
filesystem read-only.


The difficulty is to make sure that every e-mail, sent or received, gets 
backed up properly before being deleted. Relying on cron jobs is not an 
option since the e-mail can be deleted and expunged before the script 
has a chance to get executed and do the backup. So what I did is to 
create a hidden sieve filter for every user's **main** mailbox 
(u...@domain.tld) that automatically creates a copy of every incoming 
message to the u...@backup.domain.tld mailbox. For outgoing e-mail, one 
can do a bcc map in postfix (or the equivalent in other SMTP software) 
that ensures that every sent mail is also sent to 
user+s...@backup.domain.tld, then you can create a filter in the user's 
**backup** mailbox (u...@backup.domain.tld) that filters on the 
user+sent part of the e-mail and stores every e-mail sent to that e-mail 
address to the .Sent directory in the u...@backup.domain.tld mailbox.



Finally, the backup.domain.tld doesn't even have to be declared in the 
DNS nor in /etc/hosts and can be entirely virtual to the MTA (for ex. in 
postfix that would only be added to virtual_mailbox_domains)


Yassine.

On 3/8/19 12:49 AM, Natu via dovecot wrote:

I have a dovecot server running under CentOS using maildir format.  Due
to the issue with minimum blocksize for files I would like to offer some
kind of readonly archive using something like the compressed squashfs
where I would move messages to be archived to a maildir folder and then
convert "cur" directory into a squashfs and mount it in place of the
original directory so my biggest users could have readonly access to
older messages without it using so much disk space.

Has anyone tried anything like this before and is dovecot likely to
complain about the readonly cur directory?  If the complaints are
minimal and didn't cause other problems it might be ok.  Any better
ideas to implement something like this?

Thank You,

Natu




Re: Dovecot Logging and Shell Script Hang

2019-02-28 Thread Yassine Chaouche via dovecot

On 2/27/19 7:00 PM, Aki Tuomi via dovecot wrote:


On 27 February 2019 18:49 Asai via dovecot  wrote:


Greetings,

We have a PHP based shell script that runs a doveadm backup routine.

[...] the shell script would run for a few minutes and then hang, as it added 
more log messages to the dsync STDOUT.


You might want to enable mail_log plugin for imap/pop3 protocols only.


I would also log what the backup script is doing and go from there ?

If PHP supports signal handling, you could also try to see if there's 
a traceback library for PHP and attach the traceback functions to a system 
signal like SIGUSR1 in your backup script. You can send that signal from 
the command line (with kill) whenever your script hangs. This would give 
you the exact stack of function calls that led to the hangup.


If you want, you can check this archived page (https://archive.li/bi3rZ) 
(skip to Where was the program hanging ?). Although it's written for a 
python program, you can apply the same principles for PHP.


Yassine.




Re: Linking mailboxes

2019-02-27 Thread Yassine Chaouche via dovecot

So did you get everything fixed up ?

> doveadm(lightdm): Error: Can't open mailbox Storage/Email: 
stat(/run/media/computer/Storage/Email/tmp) failed: Permission denied 
(euid=976(lightdm) egid=976(lightdm) missing +x perm: 
/run/media/computer/Storage/Email, dir owned by 5000:5000 mode=0700)


Now it's another user that needs to access that directory (lightdm, 
euid=976). I would add lightdm to the vmail group and make the directory 
group readable and accessible, so chmod g+rx 
/run/media/computer/Storage/Email and any other folder it's complaining 
about.


Yassine.


Re: Linking mailboxes

2019-02-25 Thread Yassine Chaouche via dovecot

Hello Kunal,

I've done this once, and it was for backup mail too :) In this page 
(https://ychaouche.informatick.net/dovecotsharefolders) I describe how I 
shared folders between main e-mail account and backup e-mail account 
with symlinks and dovecot-acl files pretty easily.


Yassine.

On 2/24/19 6:57 PM, Aki Tuomi via dovecot wrote:


On 24 February 2019 18:17 "Kunal A. via dovecot" wrote:



Hi,
I am new to Dovecot and I am trying to link an email account folder 
to another Maildir(its a backup of the older email). I want the email 
account to be able to access the older emails.

I am assuming this is done by creating a symlink?

Currently reading instructions on this page:-
https://wiki.dovecot.org/SharedMailboxes/Symlinks

At the moment I have the folder:-
/var/mail/vhosts/example.com/email1/Maildir/.INBOX.newfolder



Inside the folder:-

drwx--. 2 vmail vmail 4096 Feb 23 13:39 cur
-rw---. 1 vmail vmail  232 Feb 23 13:43 dovecot.index.log
-rw---. 1 vmail vmail   51 Feb 23 13:43 dovecot-uidlist
-rw---. 1 vmail vmail    0 Feb 23 13:39 maildirfolder
drwx--. 2 vmail vmail 4096 Feb 23 13:39 new
lrwxrwxrwx. 1 root  root    45 Feb 23 13:46 Other -> /run/media/computer/Storage/Email/mail/Other
drwx--. 2 vmail vmail 4096 Feb 23 13:39 tmp
lrwxrwxrwx. 1 root  root 5 Feb 23 13:46 Users -> Users

I am not able to access the folders in the Other folder 
structure (inside Other there are other email inboxes, i.e. 
ema...@example.com, ema...@example.com, etc.). I want to get access to all the 
email subfolders. Could someone here advise how to do this or point 
me to some tutorials for this? Sincere apologies for this and many 
thanks in advance for helping...



Dovecot -n output :-

# 2.3.3 (dcead646b): /etc/dovecot/dovecot.conf
# OS: Linux 4.20.10-200.fc29.x86_64 x86_64 Fedora release 29 (Twenty Nine)
# Hostname: computer
auth_mechanisms = plain login
mail_location = maildir:~/Maildir
mail_privileged_group = mail
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
postmaster_address = postmaster at example.com 
protocols = imap pop3
service auth-worker {
  user = vmail
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = dovecot
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
ssl = required
ssl_cert = 

Try setting mail_debug=yes and provide logs. This gives better insight 
as to what happens.


---
Aki Tuomi


Re: Using SHA256/512 for SQL based password

2019-02-20 Thread Yassine Chaouche via dovecot


On 2/20/19 3:28 PM, Robert Moskowitz via dovecot wrote:


Here's how I configured my roundcube's password plugin to keep things 
together ($roundcubefolder/plugins/password/config.php)


$config['password_algorithm']    = 'dovecot';
$config['password_algorithm_prefix'] = '{SHA512-CRYPT}';
$config['password_dovecotpw_method'] = 'SHA512-CRYPT';
$config['password_query']    = "UPDATE mail.users SET password=%P WHERE email=%u LIMIT 1";

I left other fields alone.

Yassine.

Thanks much better info than I was seeing in my googling.  Except I 
would not use %p:


// The SQL query used to change the password.
// The query can contain the following macros that will be expanded as follows:
// %p is replaced with the plaintext new password
// %c is replaced with the crypt version of the new password, MD5 if available
// otherwise DES.
// %D is replaced with the dovecotpw-crypted version of the new password
[...]

%D seems to be what I want...

the rcmail_config[] syntax you pasted in your mail indicates you're 
using a very old version of roundcube. Here's the relevant content of my 
version of the password plugin :


// The SQL query used to change the password.
// The query can contain the following macros that will be expanded as follows:
//  %p is replaced with the plaintext new password
//  %P is replaced with the crypted/hashed new password
// according to configured password_method
[...]
// Deprecated macros:
//  %c is replaced with the crypt version of the new password, MD5 if available
// otherwise DES. More hash function can be enabled using the password_crypt_hash
// configuration parameter.
//  %D is replaced with the dovecotpw-crypted version of the new password
[...]


Notice the difference b/w %p and %P. Also notice that %D is marked as 
deprecated.




And in mysql, I believe the table is mailbox.

Oh that depends entirely on your choice of naming and what table 
structure you have chosen.


I got from: 
https://kaworu.ch/blog/2016/04/20/strong-crypt-scheme-with-dovecot-postfixadmin-and-roundcube/



Ah, it seems Aki and I have already visited this link before ^^'

Yassine.






Re: Error sending email from client

2019-02-20 Thread Yassine Chaouche via dovecot

On 2/18/19 2:29 PM, Latin Bishop via dovecot wrote:


Feb 18 08:26:41 pepino postfix/smtps/smtpd[5328]: warning: unknown smtpd restriction: "permit_ssl_authenticated"


Try to change

permit_ssl_authenticated

to

permit_s*a*sl_authenticated

(+a)

But as Sami said this is a postfix issue and you should have more 
replies in the postfix list instead.


Yassine.




Re: Using SHA256/512 for SQL based password

2019-02-20 Thread Yassine Chaouche via dovecot

On 2/12/19 5:05 PM, Robert Moskowitz via dovecot wrote:
I have been trying to find how to set the dovecot-sql.conf for using 
SHA256/512.  I am going to start clean with the stronger format, not 
migrate from the old MD5.  It seems all I need is:

[...] default_pass_scheme = SHAxxx-CRYPT [...]


How do your users change their password ?

Here's how I configured my roundcube's password plugin to keep things 
together ($roundcubefolder/plugins/password/config.php)


$config['password_algorithm']    = 'dovecot';
$config['password_algorithm_prefix'] = '{SHA512-CRYPT}';
$config['password_dovecotpw_method'] = 'SHA512-CRYPT';
$config['password_query']    = "UPDATE mail.users SET password=%P WHERE email=%u LIMIT 1";

I left other fields alone.

Yassine.