Re: Sieve generate a lot of hard link copies of mails in mailboxes

2024-06-13 Thread John Stoffel via dovecot
>>>>> "George" == George Asenov via dovecot  writes:

I don't have a real suggestion, but I do think you can clarify your problem.

> No one has an idea what is wrong here?
> On 07-Jun-24 4:10 PM, George Asenov via dovecot wrote:
>> Hello,
>> 
>> I have a very strange issue. Sieve generates copies of users' messages, i.e. 
>> not real copies but hardlinks to the same message. It happens to many 
>> messages but not every message and not every time; it is not a single-user 
>> issue, I have a couple of users with that issue.

Are you expecting sieve to generate copies?  And are the copies in the
same folder or across folders?  I.e. do you find an email in the
INBOX, and a hardlink in the SPAM folder?

What are the sizes of these emails?  Are they all large?  Or have
attachments?  Is there anything that's common amongst those emails?

One idea might be to set up a test account and to just send it a bunch
of emails to try and make the problem occur.  And to also look closely
at the rspamd logs as well.

What is the size of the system memory on your dovecot server?  And
what is the size of the dovecot.index.cache file when you see this
error?  You should be able to delete the index and recreate it using
doveadm.  

But from the sound of it, you have users with many thousands of emails
in a folder or folders.  Can you check to see if there's any
relationship between users with larger numbers of hardlinks and those
with large numbers of emails?  

And maybe instead of having sieve call rspamd, maybe you can put it
into a milter and just have the 


>> It happens during auto reporting for spam/ham with sieve.
>> But I'm unable to reproduce it.
>> 
>> At some point the hardlink copies become so many that the mailbox index 
>> files become so big that dovecot starts throwing an error:
>> 
>> dovecot[3385911]: imap(redac...@domain.tld)<1992901>: 
>> Error: Mailbox Junk: mmap(size=520636784) failed with file 
>> /var/lib/dovecot-virtualmin/index/redac...@domain.tld/.Junk/dovecot.index.cache:
>>  Cannot allocate memory
>> 
>> other relevant logs are:
>> 
>> dovecot: imap-login: Login: user=, method=PLAIN, 
>> rip=YYY.YYY.YYY.YYY, lip=XXX.XXX.XXX.XXX, mpid=3393763, TLS, 
>> session=
>> dovecot: imap(redacted.user)<3393763>: sieve: DEBUG: 
>> learn-spam.sieve was triggered on imap.cause=COPY: 
>> msgid=<87584056G78841203D85243127W62181551P@idomziqnd>
>> dovecot: imap(redacted.user)<3393763>: sieve: DEBUG: 
>> learn-spam on imap.cause=COPY: from=redacted.mail, to=redacted2.mail, 
>> subject=Asseyez-vous confortablement, n'importe où..., 
>> msgid=<87584056G78841203D85243127W62181551P@idomziqnd>, 
>> X-Spamd-Result=default: False [4.49 / 15.00]; 
>> FORGED_RECIPIENTS(2.00)[m:redacted2.mail,s:redacted.user.fr]; 
>> BAYES_SPAM(1.89)[88.30%]; MID_RHS_NOT_FQDN(0.50)[]; 
>> BAD_REP_POLICIES(0.10)[]; RCVD_NO_TLS_LAST(0.10)[]; 
>> MIME_GOOD(-0.10)[multipart/related,multipart/alternative,text/plain]; 
>> ASN(0.00)[asn:34300, ipnet:62.173.128.0/19, country:RU]; 
>> RCVD_COUNT_ONE(0.00)[1]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:~,4:~,5:+]; 
>> RCPT_COUNT_ONE(0.00)[1]; MISSING_XM_UA(0.00)[]; ARC_NA(0.00)[]; 
>> RCVD_VIA_SMTP_AUTH(0.00)[]; GREYLIST(0.00)[pass,body]; 
>> R_DKIM_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; 
>> R_SPF_ALLOW(0.00)[+mx]; TO_DN_NONE(0.00)[]; DMARC_NA(0.00)[or.mg]; 
>> NEURAL_SPAM(0.00)[0.000]
>> dovecot: imap(redacted.user)<3393763>: sieve: DEBUG: 
>> learn-spam send to rspamd spam
>> dovecot: imap(redacted.user)<3393763>: program 
>> exec:/var/lib/dovecot/sieve/rspamd-learn-spam.sh (3397238): Terminated 
>> with non-zero exit code 1
>> dovecot: imap(redacted.user)<3393763>: Error: sieve: 
>> failed to execute to program `rspamd-learn-spam.sh': refer to server log 
>> for more information. [2024-06-03 07:36:40]
>> dovecot: imap(redacted.user)<3393763>: Disconnected: 
>> Connection closed (UID FETCH finished 32.173 secs ago) in=2914 out=39237 
>> deleted=1 expunged=1 trashed=0 hdr_count=14 hdr_bytes=10705 body_count=1 
>> body_bytes=1606
>> 
>> I know that this is because the mail which is reported is too big for 
>> curl but the documentation says that

Wait, how large is this email you're trying to process?  So once you
have rspamd-learn-spam.sh crash on you, then you are really having an
rspamd problem.  Do you really need to scan large attachments?

What is your rspamd configuration?  And have you talked to people on
the rspamd mailing list on how to configure things?


>> $
>> pipe :copy :try "rspamd-l

Re: AW: [EXT] Re: Dovecot community repositories

2024-06-13 Thread Michael Slusarz via dovecot
> On 06/13/2024 2:33 AM MDT MK via dovecot  wrote:
>  
> What is the reason that Debian 12/Ubuntu 22.04/RHEL 9 are not supported by CE 
> 2.3? 

OS-provided dependencies that won't work with 2.3 code (e.g., OpenSSL).

michael
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org


Re: AW: [ext] Re: Dovecot community repositories

2024-06-13 Thread Eduardo M KALINOWSKI via dovecot

On 13/06/2024 05:28, MK via dovecot wrote:

but with Debian there is e.g. only 2.3.19 and if you want 2.3.21 then only the 
community repo would remain.


There's 2.3.21 in stable-backports.

--
They also surf who only stand on waves.

Eduardo M KALINOWSKI
edua...@kalinowski.com.br



Re: how to disable port 143

2024-06-13 Thread Jerry Stuckle via dovecot
We use fail2ban also. It's good for automatically updating the Linux 
firewall based on the system logs.  However, if you just want to block 
one port for everyone you can do it yourself with one firewall rule.


For instance, if you have a database server that should only be accessed 
by systems on the LAN, you can put in a rule to accept any computers on 
the LAN followed by a rule to refuse all connect requests.  That way 
even if a hacker gets your database password he can't get into the system.


Jerry

On 6/9/2024 11:22 PM, Jeff Peng wrote:

We already have thousands of fw rules by fail2ban :)

On 2024-06-10 10:44, Jerry Stuckle via dovecot wrote:
If you don't want to accept any requests on port 143, can't you use 
the Linux firewall to reject them?  That's what we do and it works well.


Jerry


AW: [EXT] Re: Dovecot community repositories

2024-06-13 Thread MK via dovecot
Thanks Michael for the information. 
What is the reason that Debian 12/Ubuntu 22.04/RHEL 9 are not supported by CE 
2.3? 
I think for the user it would be best to get the latest dovecot version from the 
community repo.
In the past this worked really fine for me with RHEL 7/8 based distros.

Oliver

-Original Message-
From: Michael Slusarz  
Sent: Wednesday, 12 June 2024 14:57
To: MK ; MK via dovecot 
Subject: [EXT] Re: Dovecot community repositories

> On 06/12/2024 5:37 AM MDT MK via dovecot  wrote:
> 
> just a short question to the dovecot people, maybe Aki or someone else can 
> answer this.
> Will there be an update to the Dovecot community repositories in the near 
> future? 
> The repositories are lagging behind the current distributions. Just as an 
> example: Debian 12 has been released in 06/2023, this is one year ago and 
> there are still no packages for it.
> Same for Ubuntu 22.04, RHEL 9...  Is there still any interest from dovecot 
> side to continue to maintain the community repositories?

The community repositories continue to be maintained.

Debian 12/Ubuntu 22.04/RHEL 9 are not supported by CE 2.3 so we don't build 
packages for them.  They will be supported in CE 2.4.

Distros may have done their own work to modify Dovecot source to get 2.3 to 
build/package on these systems.

michael


AW: [ext] Re: Dovecot community repositories

2024-06-13 Thread MK via dovecot
In the case of ubuntu 22.04 you are lucky, but with Debian there is e.g. only 
2.3.19 and if you want 2.3.21 then only the community repo would remain.
And e.g. for RHEL 9 the version I can get via RHEL Repo is 2.3.16. Getting dovecot 
via the community repo would be the best in my opinion. Provided it is 
maintained.

Oliver

-Original Message-
From: Ralf Hildebrandt via dovecot  
Sent: Wednesday, 12 June 2024 14:27
To: dovecot@dovecot.org
Subject: Re: [ext] Re: Dovecot community repositories

* Jeff Peng via dovecot :
> 
> 
> I am using ubuntu 22.04, it can have dovecot installed by just running:
>  sudo apt install -y dovecot-core dovecot-imapd dovecot-lmtpd

Yes, 2.3.16 is in the default ubuntu repositories while the community repos are 
at 2.3.21

--
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration
  Invalidenstraße 120/121 | D-10115 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | https://www.charite.de



Re: "Read the 'bug reports page' …" -> 404

2024-06-13 Thread H. Thiele via dovecot


I also noticed this affects local documentation in the Dovecot release
(v2.3.21), e.g. the old URL is referenced in many of the man files
that get installed.

It is probably a good idea to set up a 301 redirect rather than just
dumping a 404 on the website too.


On 12/06/24 8:05 AM, aki.tuomi wrote:
> Thanks for letting us know. We'll fix this soon, use
> https://dovecot.org/bugreport-mail 
> 
> Aki
> 
>  Original message 
> From: "H. Thiele via dovecot" 
> Date: 6/12/24 06:49 (GMT+00:00)
> To: dovecot@dovecot.org
> Subject: "Read the 'bug reports page' …" -> 404
> 
> 
> Hi there,
> 
> while investigating how to possibly report issues to the Dovecot
> project I noticed that the link to the "bug reports page" in
> the "mailing list" section on dovecot.org is broken and leads to
> a 404.
> 
> 
>     https://www.dovecot.org/mailing-lists/ ->
>     "Read the 'bug reports page' before posting a bug report. …"
> 
>     -> "The page you are looking for is not found"
> 
> 
> 
> regards,
> H. Thiele


Re: Sieve generate a lot of hard link copies of mails in mailboxes

2024-06-13 Thread George Asenov via dovecot

No one has an idea what is wrong here?

On 07-Jun-24 4:10 PM, George Asenov via dovecot wrote:

Hello,

I have a very strange issue. Sieve generates copies of users' messages, i.e. 
not real copies but hardlinks to the same message. It happens to many 
messages but not every message and not every time; it is not a single-user 
issue, I have a couple of users with that issue.


It happens during auto reporting for spam/ham with sieve.
But I'm unable to reproduce it.

At some point the hardlink copies become so many that the mailbox index 
files become so big that dovecot starts throwing an error:


dovecot[3385911]: imap(redac...@domain.tld)<1992901>: 
Error: Mailbox Junk: mmap(size=520636784) failed with file 
/var/lib/dovecot-virtualmin/index/redac...@domain.tld/.Junk/dovecot.index.cache: Cannot allocate memory


other relevant logs are:

dovecot: imap-login: Login: user=, method=PLAIN, 
rip=YYY.YYY.YYY.YYY, lip=XXX.XXX.XXX.XXX, mpid=3393763, TLS, 
session=
dovecot: imap(redacted.user)<3393763>: sieve: DEBUG: 
learn-spam.sieve was triggered on imap.cause=COPY: 
msgid=<87584056G78841203D85243127W62181551P@idomziqnd>
dovecot: imap(redacted.user)<3393763>: sieve: DEBUG: 
learn-spam on imap.cause=COPY: from=redacted.mail, to=redacted2.mail, 
subject=Asseyez-vous confortablement, n'importe où..., 
msgid=<87584056G78841203D85243127W62181551P@idomziqnd>, 
X-Spamd-Result=default: False [4.49 / 15.00]; 
FORGED_RECIPIENTS(2.00)[m:redacted2.mail,s:redacted.user.fr]; 
BAYES_SPAM(1.89)[88.30%]; MID_RHS_NOT_FQDN(0.50)[]; 
BAD_REP_POLICIES(0.10)[]; RCVD_NO_TLS_LAST(0.10)[]; 
MIME_GOOD(-0.10)[multipart/related,multipart/alternative,text/plain]; 
ASN(0.00)[asn:34300, ipnet:62.173.128.0/19, country:RU]; 
RCVD_COUNT_ONE(0.00)[1]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:~,4:~,5:+]; 
RCPT_COUNT_ONE(0.00)[1]; MISSING_XM_UA(0.00)[]; ARC_NA(0.00)[]; 
RCVD_VIA_SMTP_AUTH(0.00)[]; GREYLIST(0.00)[pass,body]; 
R_DKIM_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; 
R_SPF_ALLOW(0.00)[+mx]; TO_DN_NONE(0.00)[]; DMARC_NA(0.00)[or.mg]; 
NEURAL_SPAM(0.00)[0.000]
dovecot: imap(redacted.user)<3393763>: sieve: DEBUG: 
learn-spam send to rspamd spam
dovecot: imap(redacted.user)<3393763>: program 
exec:/var/lib/dovecot/sieve/rspamd-learn-spam.sh (3397238): Terminated 
with non-zero exit code 1
dovecot: imap(redacted.user)<3393763>: Error: sieve: 
failed to execute to program `rspamd-learn-spam.sh': refer to server log 
for more information. [2024-06-03 07:36:40]
dovecot: imap(redacted.user)<3393763>: Disconnected: 
Connection closed (UID FETCH finished 32.173 secs ago) in=2914 out=39237 
deleted=1 expunged=1 trashed=0 hdr_count=14 hdr_bytes=10705 body_count=1 
body_bytes=1606


I know that this is because the mail which is reported is too big for 
curl but the documentation says that

$
pipe :copy :try "rspamd-learn-spam.sh";
$
this should ignore the error.
I have tested also to change it like that:
$
pipe :copy  "rspamd-learn-spam.sh";
$
but the issue still persists

I can't confirm that the issue is that error because these errors are 
way less than the messages with hardlink copies.

Also sometimes one mail has more than two hardlinks to it.

Here is an example:

inode# hardlink_count filename
2430090371 23850 ./Maildir/.Trash/cur/1714190559.M355157P25776.redacted.hostname,S=39259,W=40217:2,S
2430090371 23850 ./Maildir/.Trash/cur/1714190562.M259778P25902.redacted.hostname,S=39259,W=40217:2,S
2430090371 23850 ./Maildir/.Trash/cur/1714190565.M188090P26028.redacted.hostname,S=39259,W=40217:2,S
2430090371 23850 ./Maildir/.Trash/cur/1714190568.M340582P26179.redacted.hostname,S=39259,W=40217:2,S


Yes, this is "23850" hardlinks to the same inode.
###
The issue is somewhere in the sieve ham/spam reporting to rspamd but 
can't figure out where and why.


Is this a bug or is my configuration wrong?


Here are all related configurations (feel free to ask for more if needed):
######
# doveconf -n
# 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.16 (09c29328)
# OS: Linux 4.18.0-513.24.1.el8_9.x86_64 x86_64 Rocky Linux release 8.9 (Green Obsidian)
# Hostname: redacteddomain.tld
auth_mechanisms = plain login
disable_plaintext_auth = no
first_valid_uid = 1000
mail_location = maildir:~/Maildir:INDEX=/var/lib/dovecot-virtualmin/index/%u:CONTROL=/var/lib/dovecot-virtualmin/control/%u
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext vacation-seconds
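
One way to produce the inode listing above and to see whether the hardlinked copies sit in one folder or across folders, as an added Python example that is not from the original posts. It assumes a Maildir++ layout like the one in the listing, with `cur/` and `new/` at the top level and under dot-directories such as `.Trash`; the function names are made up for this illustration.

```python
import os
from collections import defaultdict


def folder_of(maildir, path):
    """Folder a message file belongs to: a dot-directory such as '.Trash', else 'INBOX'."""
    rel = os.path.relpath(path, maildir).split(os.sep)
    return rel[0] if rel[0].startswith(".") else "INBOX"


def hardlink_report(maildir, min_links=2):
    """One row per inode that has at least min_links names, largest link count first.

    Each row holds the inode, its link count and size, how many of its names were
    found in each folder's cur/ or new/, and how many links live somewhere else
    (tmp/, another user's Maildir, ...).
    """
    groups = {}
    for root, _dirs, files in os.walk(maildir):
        if os.path.basename(root) not in ("cur", "new"):
            continue                      # skip tmp/ and any index or control files
        for name in files:
            path = os.path.join(root, name)
            st = os.lstat(path)
            if st.st_nlink < min_links:
                continue
            row = groups.setdefault((st.st_dev, st.st_ino), {
                "inode": st.st_ino, "nlink": st.st_nlink, "size": st.st_size,
                "folders": defaultdict(int)})
            row["folders"][folder_of(maildir, path)] += 1
    rows = []
    for row in groups.values():
        row["folders"] = dict(row["folders"])
        row["links_elsewhere"] = row["nlink"] - sum(row["folders"].values())
        rows.append(row)
    return sorted(rows, key=lambda r: r["nlink"], reverse=True)


if __name__ == "__main__":
    import sys
    # Usage: python3 hardlinks.py /home/user/Maildir
    for r in hardlink_report(sys.argv[1]):
        print(r["inode"], r["nlink"], r["size"], r["folders"],
              "elsewhere:", r["links_elsewhere"])
```

Running it per user and comparing the link counts with the number of messages per folder gives the correlation asked about earlier in the thread.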

Re: Dovecot community repositories

2024-06-12 Thread dovecot--- via dovecot

Just in case you did not know, dovecot has its own repo you can add to your 
system to get newest updates.
https://repo.dovecot.org/

For example with RHEL flavors:

/etc/yum.repos.d/dovecot.repo
  [dovecot-2.3-latest]
  name=Dovecot 2.3 RHEL $releasever - $basearch
  baseurl=http://repo.dovecot.org/ce-2.3-latest/rhel/$releasever/RPMS/$basearch
  gpgkey=https://repo.dovecot.org/DOVECOT-REPO-GPG
  gpgcheck=1
  enabled=1



Re: Dovecot community repositories

2024-06-12 Thread Michael Slusarz via dovecot
> On 06/12/2024 5:37 AM MDT MK via dovecot  wrote:
> 
> just a short question to the dovecot people, maybe Aki or someone else can 
> answer this.
> Will there be an update to the Dovecot community repositories in the near 
> future? 
> The repositories are lagging behind the current distributions. Just as an 
> example: Debian 12 has been released in 06/2023, this is one year ago and 
> there are still no packages for it.
> Same for Ubuntu 22.04, RHEL 9...  Is there still any interest from dovecot 
> side to continue to maintain the community repositories?

The community repositories continue to be maintained.

Debian 12/Ubuntu 22.04/RHEL 9 are not supported by CE 2.3 so we don't build 
packages for them.  They will be supported in CE 2.4.

Distros may have done their own work to modify Dovecot source to get 2.3 to 
build/package on these systems.

michael


Re: [ext] Re: Dovecot community repositories

2024-06-12 Thread Ralf Hildebrandt via dovecot
* Jeff Peng via dovecot :
> 
> 
> I am using ubuntu 22.04, it can have dovecot installed by just running:
>  sudo apt install -y dovecot-core dovecot-imapd dovecot-lmtpd

Yes, 2.3.16 is in the default ubuntu repositories
while the community repos are at 2.3.21

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration
  Invalidenstraße 120/121 | D-10115 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | https://www.charite.de



Re: Dovecot community repositories

2024-06-12 Thread Jeff Peng via dovecot




I am using ubuntu 22.04, it can have dovecot installed by just running:
 sudo apt install -y dovecot-core dovecot-imapd dovecot-lmtpd




Same for Ubuntu 22.04, RHEL 9...  Is there still any interest from
dovecot side to continue to maintain the community repositories?



Dovecot community repositories

2024-06-12 Thread MK via dovecot
Hello,

just a short question to the dovecot people, maybe Aki or someone else can 
answer this.
Will there be an update to the Dovecot community repositories in the near 
future? 
The repositories are lagging behind the current distributions. Just as an 
example: Debian 12 has been released in 06/2023, this is one year ago and there 
are still no packages for it.
Same for Ubuntu 22.04, RHEL 9...  Is there still any interest from dovecot side 
to continue to maintain the community repositories?

Greetings to Everyone
Oliver



RE: "Read the 'bug reports page' …" -> 404

2024-06-12 Thread aki.tuomi via dovecot
Thanks for letting us know. We'll fix this soon, use
https://dovecot.org/bugreport-mail

Aki

Original message
From: "H. Thiele via dovecot"
Date: 6/12/24 06:49 (GMT+00:00)
To: dovecot@dovecot.org
Subject: "Read the 'bug reports page' …" -> 404

Hi there,

while investigating how to possibly report issues to the Dovecot
project I noticed that the link to the "bug reports page" in
the "mailing list" section on dovecot.org is broken and leads to
a 404.

    https://www.dovecot.org/mailing-lists/ ->
    "Read the 'bug reports page' before posting a bug report. …"

    -> "The page you are looking for is not found"

regards,
H. Thiele


Duplicate "cache" in doveadm's help text

2024-06-12 Thread H. Thiele via dovecot

Hi there,

when I type `doveadm help` to print out the basic usage of the command
then it lists the following:

…
  mailbox  cache|cache|create|delete|list|metadata|mutf7|path|
rename|status|subscribe|unsubscribe|update
…


I'm somewhat curious about that double "cache" which looks a bit
irritating to me. I would understand it, if it was 3 "cache"s (one for
each of 'purge', 'decision', and 'remove', see `doveadm help mailbox`).
But I do not understand 2 entries. :^) Looks like a minor bug to me.

regards,
H. Thiele


(maybe it should list things verbosely anyway: "cache purge|cache
decision|cache remove|…" ?)


"Read the 'bug reports page' …" -> 404

2024-06-11 Thread H. Thiele via dovecot

Hi there,

while investigating how to possibly report issues to the Dovecot
project I noticed that the link to the "bug reports page" in
the "mailing list" section on dovecot.org is broken and leads to
a 404.


https://www.dovecot.org/mailing-lists/ ->
"Read the 'bug reports page' before posting a bug report. …"

-> "The page you are looking for is not found"



regards,
H. Thiele


Lots of "Corrupted dbox file" errors in log

2024-06-10 Thread simon--- via dovecot
Hi, I'm leaving this here for others who may see the same issue and are equally 
perplexed as I was:

Dovecot version 2.3.16 w/ sdbox mailbox format.

Yesterday, I noticed that I did not see any new mail in Thunderbird. But for 
whatever reason, new mail did show up on my phone with K9 mail. So, new mails 
were retained. 

In the Dovecot logs, I was seeing multiple errors:
Corrupted dbox file
read() failed for file
No buffer space available
EOF while reading file header
Mailbox INBOX: sdbox: Rebuilding failed
Mailbox INBOX: Deleting corrupted cache: reset_id mismatch even after locking

The "Corrupted dbox file" and "EOF while reading file header" error was caused 
by a message file in the INBOX mailbox that was 6681 bytes in size and had all 
NUL characters. File date of that file was more than two years ago. The "No 
buffer space available" error was caused by a file that also had a lot of NUL, 
but also a few other characters in it. Nothing resembling regular message files 
with headers and body. In total it was a handful of files causing issues. I 
deleted them all with:

doveadm expunge -u {user} MAILBOX INBOX UID {filename without the leading 'u.'}

Afterwards Thunderbird showed new mails again. I did not need to restart it.  
No more errors in the Dovecot logs. 

Not sure what had caused this. Maybe somebody has seen this before. 

Simon
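
A read-only scan for the kind of file described above, as an added Python example that is not from the original post. It assumes the mailbox's storage directory holds one `u.<UID>` file per message, as the expunge command implies; the 0.5 NUL-ratio threshold and the function names are assumptions made for this illustration.

```python
import os


def nul_ratio(path, chunk=1 << 16):
    """Return (fraction of bytes that are NUL, file size); an empty file gives (0.0, 0)."""
    total = nuls = 0
    with open(path, "rb") as fh:
        while True:
            block = fh.read(chunk)
            if not block:
                break
            total += len(block)
            nuls += block.count(b"\x00")
    return (nuls / total if total else 0.0), total


def suspect_files(mailbox_dir, threshold=0.5):
    """List (uid, size, nul_ratio) for u.<UID> files that are empty or mostly NUL.

    Covers both cases from the post: a file made up only of NUL bytes, and a file
    with a lot of NUL plus a few other characters. Nothing is modified or deleted.
    """
    hits = []
    for entry in os.scandir(mailbox_dir):
        if not entry.is_file(follow_symlinks=False):
            continue
        if not entry.name.startswith("u."):
            continue                      # index, cache and log files are not messages
        uid = entry.name[2:]
        if not uid.isdigit():
            continue
        ratio, size = nul_ratio(entry.path)
        if size == 0 or ratio >= threshold:
            hits.append((int(uid), size, ratio))
    return sorted(hits)


if __name__ == "__main__":
    import sys
    # Usage: python3 nulscan.py /path/to/the/mailbox/storage/directory
    for uid, size, ratio in suspect_files(sys.argv[1]):
        print(f"UID {uid}: {size} bytes, {ratio:.0%} NUL")
```

The UIDs it prints are the values the `doveadm expunge` command above takes; look at each file before expunging it.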


[Patch] Allow sieve redirects to specified domains only

2024-06-10 Thread Kadlecsik József via dovecot
redirects");
+   if (str_setting != NULL && *str_setting != '\0') {
+   svinst->allowed_redirects =
+   (const char **)p_strsplit_spaces(svinst->pool, 
str_setting, ", ");
+   }
 }
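Review bot: the `if (str_setting != NULL && *str_setting != '\0')` branch has no else, so with the setting unset or empty `svinst->allowed_redirects` keeps whatever value it had before this code ran. Assign NULL explicitly in that case and document whether an empty value means no restriction or no redirects at all. The list is split on commas and spaces and stored as typed, so the code that matches a redirect address against it should compare the domain part case-insensitively.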

Best regards,
Jozsef
-- 
E-mail : kadlecsik.joz...@wigner.hun-ren.hu
PGP key: https://wigner.hu/~kadlec/pgp_public_key.txt
Address: Wigner Research Centre for Physics
     H-1525 Budapest 114, POB. 49, Hungary


Re: how to disable port 143

2024-06-09 Thread Jeff Peng via dovecot

We already have thousands of fw rules by fail2ban :)

On 2024-06-10 10:44, Jerry Stuckle via dovecot wrote:
If you don't want to accept any requests on port 143, can't you use the 
Linux firewall to reject them?  That's what we do and it works well.


Jerry


Re: how to disable port 143

2024-06-09 Thread Jerry Stuckle via dovecot
If you don't want to accept any requests on port 143, can't you use the 
Linux firewall to reject them?  That's what we do and it works well.


Jerry


Re: [Patch] blocklist access control for dovecot pop3/imap and pigeonhole managesieve

2024-06-09 Thread John Fawcett via dovecot


On 09/06/2024 18:39, Aki Tuomi via dovecot wrote:

On 09/06/2024 16:50 EEST John Fawcett via dovecot  wrote:

  
The files themselves didn't make it through the list server. I'll try
with .txt


On 09/06/2024 15:42, John Fawcett via dovecot wrote:

Hi

Just in case this is useful more generally, I'm posting it to the list.

While Dovecot has an access control via allow_nets, it is a user
database field that applies only at the authentication stage to deny
access for the specific user when there is a connection attempt from
an unauthorized ip for that user.

https://doc.dovecot.org/configuration_manual/authentication/allow_nets/

I don't believe there is anything that checks access at connect time
to deny unwanted traffic prior to authentication, for example from
compromised machines, botnets etc. Though failed connection attempts
do not appear to be a significant issue, maybe better to add some
safety net for the future.

The attached patch is proof of concept code that introduces the
parameters rbl_check and rbl_check_timeout (msecs) to the protocol
section. Tested for imap, pop3 and sieve. The following is an example
for sieve.

protocol sieve {
     rbl_check = zen.spamhaus.net=127.0.0.4

     rbl_check_timeout = 5000

}

If the lookup results in a hit the client is disconnected with a BYE
"Disconnected for policy." message and the logs report:

     Jun 09 12:00:56 server.example.com dovecot[977650]:
managesieve-login: Disconnected: Policy (disconnected before auth was
ready, waited 1 secs): user=<>, service=sieve, rip=n.n.n.n, lip=n.n.n.n

The patch also makes the number of pre-login errors and post-login
errors configurable (max_login_command_errors and max_command_errors
respectively) for pop3, imap and sieve protocols .

protocol sieve {

   max_command_errors = 1
   max_login_command_errors = 1

}

A potential extension to the logic would be "allow_nets" and
"disallow_nets" parameters or maybe something more sophisticated to
allow ips/networks that would otherwise be blocked or deny additional
ips/networks.

John


How is this different than using weakforced which already supports rbl? Or 
doing this in auth lua?


Hi Aki

I'm not that familiar with weakforced or auth lua, but I guess those 
intervene at the authentication stage, rather than the connection stage.


John
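
The connect-time lookup that `rbl_check` describes, as an added Python example that is not part of the patch or of Dovecot: it builds the DNSBL query name for IPv4 and IPv6 clients, resolves it with a deadline, and compares the answer with the configured reply. It assumes the value after `=` is the A record that counts as a hit; the function names and the separate `timeout` outcome are choices made for this illustration.

```python
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor
from concurrent.futures import TimeoutError as LookupTimeout


def parse_rbl_check(value):
    """Split 'zone=reply' (the form used in the post) into (zone, IPv4Address)."""
    zone, sep, reply = value.strip().partition("=")
    zone = zone.strip().strip(".").lower()
    if not sep or not zone:
        raise ValueError(f"expected zone=reply, got {value!r}")
    return zone, ipaddress.IPv4Address(reply.strip())   # raises on a bad address


def dnsbl_query_name(client_ip, zone):
    """Reversed client address plus zone: octets for IPv4, nibbles for IPv6."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped            # ::ffff:a.b.c.d is looked up as a.b.c.d
    suffix = ".in-addr.arpa" if ip.version == 4 else ".ip6.arpa"
    return ip.reverse_pointer[: -len(suffix)] + "." + zone


def system_resolver(name):
    """A-record lookup through the OS resolver.

    Any lookup error is treated as 'not listed', which does not distinguish a
    missing record from a resolver failure.
    """
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def check_client(client_ip, rbl_check, timeout_msecs, resolver=system_resolver):
    """Return 'reject' on a hit, 'accept' on a miss, 'timeout' if DNS did not answer."""
    zone, expected = parse_rbl_check(rbl_check)
    name = dnsbl_query_name(client_ip, zone)
    pool = ThreadPoolExecutor(max_workers=1)
    try:
        answers = pool.submit(resolver, name).result(timeout=timeout_msecs / 1000)
    except LookupTimeout:
        return "timeout"               # the caller decides: admit the client or drop it
    finally:
        pool.shutdown(wait=False)
    hit = any(ipaddress.ip_address(a) == expected for a in answers)
    return "reject" if hit else "accept"


if __name__ == "__main__":
    # Constructed resolver so the demo runs offline: only 192.0.2.99 is listed.
    listed = {"99.2.0.192.zen.spamhaus.net": ["127.0.0.4"]}
    for ip in ("192.0.2.99", "198.51.100.7"):
        print(ip, check_client(ip, "zen.spamhaus.net=127.0.0.4", 5000,
                               lambda name: listed.get(name, [])))
```

A listing that answers with a different return code than the configured one counts as a miss here, and a lookup that exceeds the deadline is reported separately so the admit-or-drop policy stays explicit.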




Re: [Patch] blocklist access control for dovecot pop3/imap and pigeonhole managesieve

2024-06-09 Thread Aki Tuomi via dovecot

> On 09/06/2024 16:50 EEST John Fawcett via dovecot  wrote:
> 
>  
> The files themselves didn't make it through the list server. I'll try 
> with .txt
> 
> 
> On 09/06/2024 15:42, John Fawcett via dovecot wrote:
> > Hi
> >
> > Just in case this is useful more generally, I'm posting it to the list.
> >
> > While Dovecot has an access control via allow_nets, it is a user 
> > database field that applies only at the authentication stage to deny 
> > access for the specific user when there is a connection attempt from 
> > an unauthorized ip for that user.
> >
> > https://doc.dovecot.org/configuration_manual/authentication/allow_nets/
> >
> > I don't believe there is anything that checks access at connect time 
> > to deny unwanted traffic prior to authentication, for example from 
> > compromised machines, botnets etc. Though failed connection attempts 
> > do not appear to be a significant issue, maybe better to add some 
> > safety net for the future.
> >
> > The attached patch is proof of concept code that introduces the 
> > parameters rbl_check and rbl_check_timeout (msecs) to the protocol 
> > section. Tested for imap, pop3 and sieve. The following is an example 
> > for sieve.
> >
> > protocol sieve {
> >     rbl_check = zen.spamhaus.net=127.0.0.4
> >
> >     rbl_check_timeout = 5000
> >
> > }
> >
> > If the lookup results in a hit the client is disconnected with a BYE 
> > "Disconnected for policy." message and the logs report:
> >
> >     Jun 09 12:00:56 server.example.com dovecot[977650]: 
> > managesieve-login: Disconnected: Policy (disconnected before auth was 
> > ready, waited 1 secs): user=<>, service=sieve, rip=n.n.n.n, lip=n.n.n.n
> >
> > The patch also makes the number of pre-login errors and post-login 
> > errors configurable (max_login_command_errors and max_command_errors 
> > respectively) for pop3, imap and sieve protocols .
> >
> > protocol sieve {
> >
> >   max_command_errors = 1
> >   max_login_command_errors = 1
> >
> > }
> >
> > A potential extension to the logic would be "allow_nets" and 
> > "disallow_nets" parameters or maybe something more sophisticated to 
> > allow ips/networks that would otherwise be blocked or deny additional 
> > ips/networks.
> >
> > John
> >

How is this different than using weakforced which already supports rbl? Or 
doing this in auth lua?

Aki


Re: [Patch] blocklist access control for dovecot pop3/imap and pigeonhole managesieve

2024-06-09 Thread John Fawcett via dovecot
The files themselves didn't make it through the list server. I'll try 
with .txt



On 09/06/2024 15:42, John Fawcett via dovecot wrote:

Hi

Just in case this is useful more generally, I'm posting it to the list.

While Dovecot has an access control via allow_nets, it is a user 
database field that applies only at the authentication stage to deny 
access for the specific user when there is a connection attempt from 
an unauthorized ip for that user.


https://doc.dovecot.org/configuration_manual/authentication/allow_nets/

I don't believe there is anything that checks access at connect time 
to deny unwanted traffic prior to authentication, for example from 
compromised machines, botnets etc. Though failed connection attempts 
do not appear to be a significant issue, maybe better to add some 
safety net for the future.


The attached patch is proof of concept code that introduces the 
parameters rbl_check and rbl_check_timeout (msecs) to the protocol 
section. Tested for imap, pop3 and sieve. The following is an example 
for sieve.


protocol sieve {
    rbl_check = zen.spamhaus.net=127.0.0.4

    rbl_check_timeout = 5000

}

If the lookup results in a hit the client is disconnected with a BYE 
"Disconnected for policy." message and the logs report:


    Jun 09 12:00:56 server.example.com dovecot[977650]: 
managesieve-login: Disconnected: Policy (disconnected before auth was 
ready, waited 1 secs): user=<>, service=sieve, rip=n.n.n.n, lip=n.n.n.n


The patch also makes the number of pre-login errors and post-login 
errors configurable (max_login_command_errors and max_command_errors 
respectively) for pop3, imap and sieve protocols .


protocol sieve {

  max_command_errors = 1
  max_login_command_errors = 1

}

A potential extension to the logic would be "allow_nets" and 
"disallow_nets" parameters or maybe something more sophisticated to 
allow ips/networks that would otherwise be blocked or deny additional 
ips/networks.


John

diff -x '*.log' -x '*.status' -x '*.deps' -x '*.a' -x '*.o' -ur 
dovecot-2.3.21-orig/src/config/all-settings.c 
dovecot-2.3.21/src/config/all-settings.c
--- dovecot-2.3.21-orig/src/config/all-settings.c   2023-09-14 
15:18:20.0 +0200
+++ dovecot-2.3.21/src/config/all-settings.c2024-06-09 11:31:45.820319492 
+0200
@@ -1750,6 +1750,7 @@
 struct pop3_settings {
bool verbose_proctitle;
const char *rawlog_dir;
+   unsigned int max_bad_commands;
 
/* pop3: */
bool pop3_no_flag_updates;
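Review bot: the new field in struct pop3_settings is named max_bad_commands, while the matching imap field added further down is max_command_errors and the posting describes max_command_errors for pop3, imap and sieve. Please use one name across the protocols, or document why pop3 differs, because a max_command_errors line in a protocol pop3 section would not be the key this struct defines.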
@@ -1849,6 +1850,10 @@
 
unsigned int mail_max_userip_connections;
 
+   const char *rbl_check;
+   unsigned int rbl_check_timeout;
+   unsigned int max_login_command_errors;
+
/* generated: */
char *const *log_format_elements_split;
 };
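Review bot: rbl_check and rbl_check_timeout are added to the login settings struct without any comment on their format. Please document next to the fields that rbl_check is a zone=reply pair (as in the posted example), that the timeout is in milliseconds, and what happens to the connection when the lookup times out or the resolver fails, since that decides whether the check fails open or closed.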
@@ -1907,6 +1912,7 @@
 struct imap_settings {
bool verbose_proctitle;
const char *rawlog_dir;
+   unsigned int max_command_errors;
 
/* imap: */
uoff_t imap_max_line_length;
@@ -3277,6 +3283,7 @@
 static const struct setting_define pop3_setting_defines[] = {
DEF(BOOL, verbose_proctitle),
DEF(STR_VARS, rawlog_dir),
+   DEF(UINT, max_bad_commands),
 
DEF(BOOL, pop3_no_flag_updates),
DEF(BOOL, pop3_enable_last),
@@ -3295,6 +3302,7 @@
 static const struct pop3_settings pop3_default_settings = {
.verbose_proctitle = FALSE,
.rawlog_dir = "",
+   .max_bad_commands = 20,
 
.pop3_no_flag_updates = FALSE,
.pop3_enable_last = FALSE,
@@ -4183,6 +4191,10 @@
 
DEF(UINT, mail_max_userip_connections),
 
+   DEF(STR, rbl_check),
+   DEF(TIME_MSECS, rbl_check_timeout),
+   DEF(UINT, max_login_command_errors),
+
SETTING_DEFINE_LIST_END
 };
 static const struct login_settings login_default_settings = {
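Review bot: rbl_check is defined as a plain DEF(STR, rbl_check), so nothing in this hunk rejects a value that lacks the "=" separator or carries a malformed reply address. A check when the settings are parsed, failing with a clear error, would be better than finding the problem on the first connection; the same applies to an rbl_check_timeout of 0.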
@@ -4209,7 +4221,11 @@
.auth_debug = FALSE,
.verbose_proctitle = FALSE,
 
-   .mail_max_userip_connections = 10
+   .mail_max_userip_connections = 10,
+
+   .rbl_check = "",
+   .rbl_check_timeout = 10*1000,
+   .max_login_command_errors = 3
 };
 const struct setting_parser_info login_setting_parser_info = {
.module_name = "login",
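Review bot: the default .rbl_check_timeout = 10*1000 is twice the 5000 used in the posted example, and it applies before authentication, so a slow DNSBL could hold each new connection for up to 10 seconds once rbl_check is set. Consider a lower default, and state in the commit message whether .max_login_command_errors = 3 and the 20 used for the post-login limits reproduce the values that were hard-coded before, so existing installations see no change in behaviour.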
@@ -4656,6 +4672,7 @@
 static const struct setting_define imap_setting_defines[] = {
DEF(BOOL, verbose_proctitle),
DEF(STR_VARS, rawlog_dir),
+   DEF(UINT, max_command_errors),
 
DEF(SIZE, imap_max_line_length),
DEF(TIME, imap_idle_notify_interval),
@@ -4677,6 +4694,7 @@
 static const struct imap_settings imap_default_settings = {
.verbose_proctitle = FALSE,
.rawlog_dir = "",
+   .max_command_errors = 20,
 
/* RFC-2683 recommends at least 8000 bytes. Some clients however don't
   break large message sets to

[Patch] blocklist access control for dovecot pop3/imap and pigeonhole managesieve

2024-06-09 Thread John Fawcett via dovecot

Hi

Just in case this is useful more generally, I'm posting it to the list.

While Dovecot has an access control via allow_nets, it is a user 
database field that applies only at the authentication stage to deny 
access for the specific user when there is a connection attempt from an 
unauthorized ip for that user.


https://doc.dovecot.org/configuration_manual/authentication/allow_nets/

I don't believe there is anything that checks access at connect time to 
deny unwanted traffic prior to authentication, for example from 
compromised machines, botnets etc. Though failed connection attempts do 
not appear to be a significant issue, maybe better to add some safety 
net for the future.


The attached patch is proof of concept code that introduces the 
parameters rbl_check and rbl_check_timeout (msecs) to the protocol 
section. Tested for imap, pop3 and sieve. The following is an example 
for sieve.


protocol sieve {
    rbl_check = zen.spamhaus.net=127.0.0.4

    rbl_check_timeout = 5000

}

If the lookup results in a hit the client is disconnected with a BYE 
"Disconnected for policy." message and the logs report:


    Jun 09 12:00:56 server.example.com dovecot[977650]: 
managesieve-login: Disconnected: Policy (disconnected before auth was 
ready, waited 1 secs): user=<>, service=sieve, rip=n.n.n.n, lip=n.n.n.n


The patch also makes the number of pre-login errors and post-login 
errors configurable (max_login_command_errors and max_command_errors 
respectively) for pop3, imap and sieve protocols.


protocol sieve {

  max_command_errors = 1
  max_login_command_errors = 1

}

A potential extension to the logic would be "allow_nets" and 
"disallow_nets" parameters or maybe something more sophisticated to 
allow ips/networks that would otherwise be blocked or deny additional 
ips/networks.


John

_______
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
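
The connect-time decision described in the post above, as an added Python example (it is not the attached patch and not Dovecot code): it parses a zone=reply value in the format of the rbl_check example, builds the reversed-address query name, and denies only when the DNSBL answers with the configured reply. The function names, the dnsbl.example zone and its answers are constructed for illustration, and returning a separate "timeout" result is an assumption, because the post does not say how the patch treats a lookup that times out.

```python
import ipaddress
import socket
import time
from concurrent.futures import ThreadPoolExecutor, TimeoutError as LookupTimeout


def parse_rbl_check(spec):
    """Split a 'zone=reply' value into (zone, expected_reply)."""
    zone, sep, reply = spec.strip().partition("=")
    zone = zone.strip().rstrip(".")
    if not sep or not zone or not reply.strip():
        raise ValueError("expected zone=reply, got %r" % spec)
    # DNSBL return codes are IPv4 addresses, conventionally in 127.0.0.0/8.
    return zone, str(ipaddress.IPv4Address(reply.strip()))


def dnsbl_query_name(client_ip, zone):
    """Build the DNS name that a DNSBL lookup for client_ip asks for."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:a.b.c.d is looked up as plain IPv4
    if ip.version == 4:
        labels = reversed(str(ip).split("."))            # reversed octets
    else:
        labels = reversed(ip.exploded.replace(":", ""))  # reversed nibbles
    return ".".join(labels) + "." + zone


def system_resolver(name):
    """A records for name. Any resolver failure counts as 'not listed',
    so this resolver fails open."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def check_client(client_ip, spec, timeout_msecs, resolver=system_resolver):
    """Return 'deny', 'allow' or 'timeout' for one connecting address."""
    zone, expected = parse_rbl_check(spec)
    name = dnsbl_query_name(client_ip, zone)
    pool = ThreadPoolExecutor(max_workers=1)
    try:
        answers = pool.submit(resolver, name).result(timeout_msecs / 1000.0)
    except LookupTimeout:
        return "timeout"  # the caller decides whether this fails open or closed
    finally:
        pool.shutdown(wait=False)
    # Only the configured reply is a hit; other return codes of the same
    # zone do not block the client.
    return "deny" if expected in answers else "allow"


# Constructed zone data for the demo; 192.0.2.0/24 is a documentation range.
CONSTRUCTED_ZONE = {
    "10.2.0.192.dnsbl.example": ["127.0.0.4"],
    "11.2.0.192.dnsbl.example": ["127.0.0.10"],
}


def constructed_resolver(name):
    """Offline stand-in for DNS that answers from CONSTRUCTED_ZONE."""
    return CONSTRUCTED_ZONE.get(name, [])


def slow_resolver(name):
    """Stand-in for a DNSBL that answers later than the timeout."""
    time.sleep(0.3)
    return []


def demo():
    spec = "dnsbl.example=127.0.0.4"
    clients = ("192.0.2.10", "192.0.2.11", "192.0.2.12")
    return {ip: check_client(ip, spec, 5000, constructed_resolver) for ip in clients}


if __name__ == "__main__":
    for ip, verdict in demo().items():
        print(ip, verdict)
```
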


Error: Mailbox Spam: Failed to autocreate mailbox: Mailbox can't be created

2024-06-09 Thread Jordan Rosenthal via dovecot

Hi,

I am getting the error "Error: Mailbox Spam: Failed to autocreate 
mailbox: Mailbox can't be created" and cannot figure out what is causing 
it.  It seems like some sort of permissions issue, but nothing I have 
tried seems to fix the problem. I was running my setup for many years 
without issue, and this error started occurring after a recent Ubuntu 
upgrade.


I am using getmail 6.18.4 to fetch mail from a mail server, which then 
calls /usr/lib/dovecot/deliver to deliver the mail to my local system. 
It is during this delivery that the error occurs. The dovecot-lda 
executable exits with status 75 and the log file contains:


Jun 09 08:05:54 honeydukes dovecot[1863]: 
lda(sally)<1863>: Error: Mailbox Spam: Failed to 
autocreate mailbox: Mailbox can't be created
Jun 09 08:05:54 honeydukes dovecot[1863]: 
lda(sally)<1863>: msgid=: save failed 
to open mailbox Spam: Mailbox


Below is my dovecot configuration.

Any help would be appreciated!

--
# 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.16 (09c29328)
# OS: Linux 5.15.0-112-generic x86_64 Ubuntu 22.04.4 LTS
# Hostname: honeydukes.fios-router.home
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
mail_location = maildir:~/Maildir
mail_privileged_group = mail
maildir_very_dirty_syncs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date index ihave duplicate mime foreverypart extracttext

namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Spam {
    auto = create
    special_use = \Junk
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = INBOX.
  separator = .
}
passdb {
  driver = pam
}
plugin {
  sieve = file:~/sieve;active=~/.dovecot.sieve
}
protocols = " imap sieve"
service imap-login {
  inet_listener imap {
    port = 0
  }
}
ssl = required
ssl_cert = .com:465
userdb {
  driver = passwd
}


Re: Accessing IMAP from Python with Encrypted Password

2024-06-09 Thread Ralph Seichter via dovecot
* adam:

> How would you approach this scenario?

I would search ye olde Internet for something like "managing secrets in
Python", and take my pick from the abundant set of results returned.
Note that the terms Dovecot or Postfix are not even required.

-Ralph


Re: how to disable port 143

2024-06-09 Thread Jeff Peng via dovecot

that's great. now i have port 143 disabled.

# netstat -ntlp|grep dovecot
tcp0  0 0.0.0.0:993 0.0.0.0:* 
LISTEN  44800/dovecot

tcp6   0  0 :::993

Thanks for the kind info.

regards.



> I would say documented way of disabling a service listener.
>
> Aki
>
>> On 09/06/2024 09:49 EEST Jeff Peng via dovecot  wrote:
>>
>> setting port to zero, is it just a trick in dovecot? thank you.
>>
>>> In other words set the port to zero. I only have port 993 listening.



Re: how to disable port 143

2024-06-09 Thread Aki Tuomi via dovecot
I would say documented way of disabling a service listener.

Aki

> On 09/06/2024 09:49 EEST Jeff Peng via dovecot  wrote:
> 
>  
> setting port to zero, is it just a trick in dovecot? thank you.
> 
> 
> > In other words set the port to zero. I only have port 993 listening.


Re: Accessing IMAP from Python with Encrypted Password

2024-06-09 Thread Aki Tuomi via dovecot

> On 09/06/2024 07:39 EEST adam--- via dovecot  wrote:
> 
>  
> Hello again Dovecoters! I have a need to access an IMAP mailbox via a Python
> script to parse and store DMARC reports in a SQL database. Right now, I have
> it working however I am storing the password in plaintext in my database which
> obviously is not secure. How would you approach this scenario? Would you store
> the password in the database encrypted and configure Dovecot to accept said
> encrypted password? If so, can you point me in the right direction to
> configure Dovecot to handle this?

The client must have the password in some usable form, which usually is 
plaintext. The only practical alternatives are GSSAPI or Certificate 
authentication.

If you are running the tool on *same* server, you can also directly access the 
mailbox with `doveadm exec imap -u username`, if you want to do some subprocess 
based solution.

> If not, what would you recommend? Is it possible to
> intercept the email and upload the attachments to an AWS S3 bucket then move
> the email to another folder?
>  

Practical S3 interactions require Dovecot Pro version.

> Likewise, if someone wants to help here as well, I need to send outbound email
> via an authenticated user from Postfix. How would you approach this scenario?
>  

One option is to use dovecot submission service, and configure that to relay 
your mail, after authentication, to your MX servers. See 
https://doc.dovecot.org/admin_manual/submission_server/

> Thank you!

Regards,

Aki
_______
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
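
The subprocess route mentioned in the reply above, as an added Python example (not code from the thread): `imaplib.IMAP4_stream` runs `doveadm exec imap -u username` and speaks IMAP over its stdin/stdout, so the script stores no password at all. The function names and the sample message are constructed for illustration; the example assumes the script runs on the mail server as a user that is allowed to run doveadm for that mailbox.

```python
import email
import imaplib
import os
import shlex
from email import policy
from email.message import EmailMessage


def doveadm_imap_command(username):
    """Command line for a pre-authenticated IMAP session over stdin/stdout."""
    if not username or any(ord(c) < 0x20 or ord(c) == 0x7F for c in username):
        raise ValueError("invalid username")
    # IMAP4_stream hands the string to a shell, so the username is quoted
    # to keep it a single argument whatever characters it contains.
    return "doveadm exec imap -u " + shlex.quote(username)


def extract_attachments(raw_message):
    """Return [(filename, bytes)] for the attachments of one raw message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    found = []
    for part in msg.iter_attachments():
        # The filename comes from the sender: keep only its last component
        # so that saving it cannot write outside the target directory.
        name = os.path.basename(part.get_filename() or "") or "unnamed"
        found.append((name, part.get_payload(decode=True)))
    return found


def fetch_reports(username, mailbox="INBOX"):
    """Collect the attachments of every message in mailbox, read-only."""
    conn = imaplib.IMAP4_stream(doveadm_imap_command(username))
    try:
        if conn.state != "AUTH":
            raise RuntimeError("expected a pre-authenticated session")
        typ, _ = conn.select(mailbox, readonly=True)
        if typ != "OK":
            raise RuntimeError("cannot open mailbox %r" % mailbox)
        typ, data = conn.search(None, "ALL")
        reports = []
        for num in data[0].split():
            typ, parts = conn.fetch(num, "(RFC822)")
            if typ == "OK" and parts and isinstance(parts[0], tuple):
                reports.extend(extract_attachments(parts[0][1]))
        return reports
    finally:
        conn.logout()


def constructed_report_mail():
    """Constructed sample: a report mail whose attachment name tries to
    climb out of the directory it would be saved in."""
    msg = EmailMessage()
    msg["From"] = "noreply-dmarc@reporter.example"
    msg["To"] = "dmarc@example.org"
    msg["Subject"] = "Report domain: example.org"
    msg.set_content("DMARC aggregate report attached.")
    msg.add_attachment(b"<feedback/>", maintype="application",
                       subtype="xml", filename="../../report.xml")
    return msg.as_bytes()


if __name__ == "__main__":
    print(doveadm_imap_command("sally@example.org"))
    print(extract_attachments(constructed_report_mail()))
```
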


Re: how to disable port 143

2024-06-09 Thread Jeff Peng via dovecot



setting port to zero, is it just a trick in dovecot? thank you.



> In other words set the port to zero. I only have port 993 listening.



Re: how to disable port 143

2024-06-09 Thread Pete Long via dovecot


> On 9 Jun 2024, at 00:21, Jeff Peng via dovecot  wrote:
> 
> 
> But this doesn't close the port 143.
> So I have changed it to:
> 
> service imap-login {
>  inet_listener imap {
>address = 127.0.0.1
>port = 143
>  }
> 
> This let port 143 listen on local address.
> 
> my question, is it possible to close port 143 entirely in dovecot?

Hi Jeff,

This is what I have in /etc/dovecot/conf.d/10-master.conf:

service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}

In other words set the port to zero. I only have port 993 listening.


Pete.



Accessing IMAP from Python with Encrypted Password

2024-06-08 Thread adam--- via dovecot
Hello again Dovecoters! I have a need to access an IMAP mailbox via a Python
script to parse and store DMARC reports in a SQL database. Right now, I have
it working however I am storing the password in plaintext in my database which
obviously is not secure. How would you approach this scenario? Would you store
the password in the database encrypted and configure Dovecot to accept said
encrypted password? If so, can you point me in the right direction to configure
Dovecot to handle this? If not, what would you recommend? Is it possible to
intercept the email and upload the attachments to an AWS S3 bucket then move
the email to another folder?
 
Likewise, if someone wants to help here as well, I need to send outbound email
via an authenticated user from Postfix. How would you approach this scenario?
 
Thank you!


Re: how to disable port 143

2024-06-08 Thread Alexander Dallou via dovecot

On 09.06.2024 at 01:21, Jeff Peng via dovecot wrote:

[ ... ]

> my question, is it possible to close port 143 entirely in dovecot?

https://doc.dovecot.org/configuration_manual/service_configuration/#port

> Thanks.





how to disable port 143

2024-06-08 Thread Jeff Peng via dovecot

Hello,

I have commented out this line in 10-master.conf:

service imap-login {
  inet_listener imap {
    #port = 143
  }
}

But this doesn't close the port 143.
So I have changed it to:

service imap-login {
  inet_listener imap {
    address = 127.0.0.1
    port = 143
  }
}

This lets port 143 listen on the local address.

my question, is it possible to close port 143 entirely in dovecot?

Thanks.


Re: Can't Empty Inbox that is Over quota

2024-06-08 Thread Benny Pedersen via dovecot

Jason Hirsh via dovecot wrote on 2024-06-06 14:32:


The logs show

imap-login: Disconnected: Connection closed: SSL_accept() failed: 
error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate 
unknown: SSL alert number 46 (no auth attempts in 0 secs): user=<>, 
rip=69.142.122.175, lip=209.160.65.133, TLS handshaking: SSL_accept() 
failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert 
certificate unknown: SSL alert number 46, session=




ssl_ca = ssl_cert = 

ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it


/etc/dovecot/conf.d/10-ssl.conf:ssl_cert = 
/etc/dovecot/conf.d/10-ssl.conf:ssl_key = 


try LE

mx ~ # doveconf -d | grep cipher
ssl_cipher_list = 
ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH

ssl_cipher_suites =
ssl_prefer_server_ciphers = no

i keep above defaults






Re: Can't Empty Inbox that is Over quota

2024-06-08 Thread Jason Hirsh via dovecot


> On Jun 6, 2024, at 7:29 AM, Benny Pedersen via dovecot  
> wrote:
> 
> Jason Hirsh via dovecot wrote on 2024-06-06 03:20:
> 
>> Is there anyway I can remove Dovecot from my server and reinstall it?   It 
>> is so messed up I don’t care about losing data
> 
> reinstall will make the same install problem fails


That would be me 
> 
> i often joke about precompiled problems :)
> 
> more help show logs
> 

The logs show 

imap-login: Disconnected: Connection closed: SSL_accept() failed: 
error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: 
SSL alert number 46 (no auth attempts in 0 secs): user=<>, rip=69.142.122.175, 
lip=209.160.65.133, TLS handshaking: SSL_accept() failed: error:14094416:SSL 
routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, 
session=
Jun  5 18:18:49 triggerfish dovecot[37112]: ima




> and also doveconf -n



I tried before but message was too big, let me try again



# 2.3.21 (47349e2482): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.21 (f6cd4b8e)
# OS: FreeBSD 13.2-RELEASE-p4 amd64  ufs
# Hostname: triggerfish.theoceanwindow.com
dict {
  quota = mysql:/usr/local/etc/dovecot/dovecot-dict-sql.conf.ext
}
first_valid_gid = 110
first_valid_uid = 110
hostname = triggerfish.theoceanwindow.com
last_valid_gid = 110
last_valid_uid = 110
lmtp_rcpt_check_quota = yes
mail_location = maildir:/usr/local/virtual/%d/%n
mail_plugins = quota
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date index ihave duplicate 
mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
auto = subscribe
special_use = \Drafts
  }
  mailbox Junk {
auto = subscribe
special_use = \Junk
  }
  mailbox Sent {
auto = subscribe
special_use = \Sent
  }
  mailbox "Sent Messages" {
special_use = \Sent
  }
  mailbox Trash {
auto = subscribe
special_use = \Trash
  }
  prefix = 
  separator = /
  type = private
}
passdb {
  args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  expire = Trash
  imapsieve_mailbox1_before = 
file:/usr/local/virtual/sieve/rspamd/rspamd-learn-spam.sieve
  imapsieve_mailbox1_causes = COPY
  imapsieve_mailbox1_name = Junk
  imapsieve_mailbox2_before = 
file:/usr/local/virtual/sieve/rspamd/rspamd-learn-ham.sieve
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_from = Junk
  imapsieve_mailbox2_name = *
  imapsieve_mailbox3_before = file:/usr/local/virtual/sieve/global/read.sieve
  imapsieve_mailbox3_causes = COPY
  imapsieve_mailbox3_name = Trash
  mail_home = /usr/local/virtual/%d/%n
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size
  quota = dict:User quota::proxy::quota
  quota_exceeded_message = Storage quota for this account has been exceeded, 
please try again later.
  quota_grace = 10%%
  quota_max_mail_size = 100M
  quota_rule = *:storage=1G
  quota_rule2 = Trash:storage=+30%%
  quota_rule3 = Sent:storage=+30%%
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  quota_warning4 = -storage=100%% quota-warning -100 %u
  sieve = /usr/local/virtual/%d/%n/.dovecot.sieve
  sieve_before = /usr/local/virtual/sieve/global/default.sieve
  sieve_dir = /usr/local/virtual/%d/%n/sieve
  sieve_global = /usr/local/virtual/sieve/global/
  sieve_global_dir = /usr/local/virtual/sieve/global/
  sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
  sieve_pipe_bin_dir = /usr/local/virtual/sieve/rspamd
  sieve_plugins = sieve_imapsieve sieve_extprograms
}
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
postmaster_address = ad...@theoceanwindow.com
protocols = imap pop3 lmtp sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
group = mail
mode = 0666
user = postfix
  }
  unix_listener auth-userdb {
group = mail
mode = 0666
user = vmail
  }
}
service dict {
  unix_listener dict {
group = vscan
mode = 0660
user = vscan
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0660
user = postfix
  }
}
service quota-warning {
  executable = script /usr/local/virtual/bin/quota-warning.sh
  unix_listener quota-warning {
user = vscan
  }
  user = dovecot
}
ssl_ca =  


Re: Dovecot Stats Plugin

2024-06-08 Thread Aki Tuomi via dovecot
Please see https://doc.dovecot.org/configuration_manual/stats/
 
how to configure 2.3 stats.
 
Aki
> On 08/06/2024 00:28 EEST Adam Miller via dovecot wrote:
>
> Hello again everyone! I am trying to get the “doveadm stats dump”
> command to work and even though it does not error, there are no
> stats. When I try to enable the stats, I get the following error:
> “Error: Plugin 'stats' not found from directory
> /usr/lib/dovecot/modules” which is correct, the “stats” plugin does
> not exist. I do have “/usr/lib/dovecot/stats”. Here’s my configuration:

Dovecot Stats Plugin

2024-06-07 Thread Adam Miller via dovecot
Hello again everyone! I am trying to get the “doveadm stats dump” command to 
work and even though it does not error, there are no stats. When I try to 
enable the stats, I get the following error: “Error: Plugin 'stats' not found 
from directory /usr/lib/dovecot/modules” which is correct, the “stats” plugin 
does not exist. I do have “/usr/lib/dovecot/stats”. Here’s my configuration:

 

Dovecot Version: 2.3.16

Operating System: Ubuntu 22.04.1

 

Packages Installed:

 - dovecot-antispam

 - dovecot-core

 - dovecot-imapd

 - dovecot-lmtpd

 - dovecot-mysql

 - dovecot-pop3d

 - dovecot-sieve

 

Packages Available:

 - dovecot-auth-lua

 - dovecot-dev

 - dovecot-fts-xapian

 - dovecot-gssapi

 - dovecot-ldap

 - dovecot-lucene

 - dovecot-managesieved

 - dovecot-pgsql

 - dovecot-solr

 - dovecot-sqlite

 - dovecot-submissiond

 

Dovecot Configuration (without stats enabled):

 

# 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf

# Pigeonhole version 0.5.16 (09c29328)

# OS: Linux 6.5.0-1020-aws x86_64 Ubuntu 22.04.4 LTS nfs4

# Hostname: ec2-us-east-1a-arda-mail-001.ardaemail.com

auth_mechanisms = plain login

auth_worker_max_count = 5

base_dir = /var/run/dovecot

debug_log_path = /var/log/dovecot/debug.log

default_internal_group = ardaemail

default_internal_user = ardaemail

dict {

  quota = mysql:/etc/dovecot/inc.d/inc.quota.user.sql.conf

}

hostname = = mail.ardaemail.com

info_log_path = /var/log/dovecot/info.log

instance_name = ec2-us-east-1a-arda-mail-001.ardaemail.com

listen = 172.16.0.200

log_path = /var/log/dovecot/general.log

login_greeting = Welcome to ArdaEmail

mail_gid = ardaemail

mail_location = maildir:/mnt/mail/%d/%n

mail_max_userip_connections = 1000

mail_plugins = " quota mailbox_alias"

mail_uid = ardaemail

maildir_stat_dirs = yes

namespace inbox {

  inbox = yes

  location = 

  mailbox Archive {

    auto = subscribe

    special_use = \Archive

  }

  mailbox Drafts {

    auto = no

    special_use = \Drafts

  }

  mailbox Junk {

    auto = no

    autoexpunge = 90 days

    special_use = \Junk

  }

  mailbox SPAM {

    auto = subscribe

    autoexpunge = 90 days

  }

  mailbox Sent {

    auto = no

    special_use = \Sent

  }

  mailbox Trash {

    auto = no

    autoexpunge = 30 days

    special_use = \Trash

  }

  prefix = 

}

passdb {

  args = /etc/dovecot/inc.d/inc.sql.conf

  driver = sql

}

plugin {

  imapsieve_mailbox1_before = file:/etc/dovecot/sieve.d/spam/learn-spam.sieve

  imapsieve_mailbox1_causes = COPY

  imapsieve_mailbox1_name = Junk

  imapsieve_mailbox2_before = file:/etc/dovecot/sieve.d/spam/learn-ham.sieve

  imapsieve_mailbox2_causes = COPY

  imapsieve_mailbox2_from = Junk

  imapsieve_mailbox2_name = *

  mailbox_alias_new = Junk Email

  mailbox_alias_new2 = Junk E-mail

  mailbox_alias_new3 = Sent Messages

  mailbox_alias_new4 = Sent Items

  mailbox_alias_new5 = Deleted Items

  mailbox_alias_old = Junk

  mailbox_alias_old2 = Junk

  mailbox_alias_old3 = Sent

  mailbox_alias_old4 = Sent

  mailbox_alias_old5 = Trash

  quota = dict:User Quota::proxy::quota

  quota_exceeded_message = Mailbox is full and cannot receive any more emails

  quota_status_nouser = DUNNO

  quota_status_success = DUNNO

  quota_warning = bytes=95%% quota-warning 95 %u

  quota_warning2 = bytes=85%% quota-warning 85 %u

  quota_warning3 = bytes=75%% quota-warning 75 %u

  recipient_delimiter = +

  sieve_after = /etc/dovecot/sieve.d/after/

  sieve_before = /etc/dovecot/sieve.d/before/

  sieve_extensions = +spamtest +spamtestplus +virustest +notify +imapflags

  sieve_global_extensions = +vnd.dovecot.pipe

  sieve_pipe_bin_dir = /etc/dovecot/sieve

  sieve_plugins = sieve_imapsieve sieve_extprograms

  sieve_quota_max_storage = 0

  sieve_spamtest_max_header = X-Spamd-Result: -?[[:digit:]]+\.[[:digit:]]+ / 
(-?[[:digit:]]+\.[[:digit:]])

  sieve_spamtest_status_header = X-Spamd-Result: (-?[[:digit:]]+\.[[:digit:]]+) 
/ -?[[:digit:]]+\.[[:digit:]]

  sieve_spamtest_status_type = score

}

postmaster_address = postmas...@ardaemail.com

protocols = imap lmtp

service auth-worker {

  group = ardaemail

  user = ardaemail

}

service auth {

  group = ardaemail

  unix_listener /var/spool/postfix/private/auth {

    group = postfix

    mode = 0666

    user = postfix

  }

  unix_listener auth-userdb {

    group = ardaemail

    mode = 0666

    user = ardaemail

  }

  user = ardaemail

}

service imap-login {

  inet_listener imap {

    port = 0

  }

  inet_listener imaps {

    port = 993

    ssl = yes

  }

  process_min_avail = 8

  service_count = 0

}

service imap {

  vsz_limit = 4 G

}

service lmtp {

  unix_listener /var/spool/postfix/private/dovecot-lmtp {

    group = postfix

    mode = 0666

    user = postfix

  }

}

service pop3-login {

  inet_listener pop3 {

    port = 0

  }

  inet_listener pop3s {

    port = 0

  }

}

service quota-status {

  executable = /usr/lib/dovecot/quota-status 

Sieve generate a lot of hard link copies of mails in mailboxes

2024-06-07 Thread George Asenov via dovecot

Hello,

I have a very strange issue. Sieve generates copies of users' messages, i.e. 
not real copies but hardlinks to the same message. It happens to many 
messages but not every message and not every time; it is not a single 
user issue, I have a couple of users with that issue.


It happens during auto reporting for spam/ham with sieve.
But I'm unable to reproduce it.

At some point the hardlink copies become so many that the mailbox index 
files become so big that dovecot starts throwing the error:


dovecot[3385911]: imap(redac...@domain.tld)<1992901>: 
Error: Mailbox Junk: mmap(size=520636784) failed with file 
/var/lib/dovecot-virtualmin/index/redac...@domain.tld/.Junk/dovecot.index.cache: 
Cannot allocate memory


other relevant logs are:

dovecot: imap-login: Login: user=, method=PLAIN, 
rip=YYY.YYY.YYY.YYY, lip=XXX.XXX.XXX.XXX, mpid=3393763, TLS, 
session=
dovecot: imap(redacted.user)<3393763>: sieve: DEBUG: 
learn-spam.sieve was triggered on imap.cause=COPY: 
msgid=<87584056G78841203D85243127W62181551P@idomziqnd>
dovecot: imap(redacted.user)<3393763>: sieve: DEBUG: 
learn-spam on imap.cause=COPY: from=redacted.mail, to=redacted2.mail, 
subject=Asseyez-vous confortablement, n'importe où..., 
msgid=<87584056G78841203D85243127W62181551P@idomziqnd>, 
X-Spamd-Result=default: False [4.49 / 15.00]; 
FORGED_RECIPIENTS(2.00)[m:redacted2.mail,s:redacted.user.fr]; 
BAYES_SPAM(1.89)[88.30%]; MID_RHS_NOT_FQDN(0.50)[]; 
BAD_REP_POLICIES(0.10)[]; RCVD_NO_TLS_LAST(0.10)[]; 
MIME_GOOD(-0.10)[multipart/related,multipart/alternative,text/plain]; 
ASN(0.00)[asn:34300, ipnet:62.173.128.0/19, country:RU]; 
RCVD_COUNT_ONE(0.00)[1]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:~,4:~,5:+]; 
RCPT_COUNT_ONE(0.00)[1]; MISSING_XM_UA(0.00)[]; ARC_NA(0.00)[]; 
RCVD_VIA_SMTP_AUTH(0.00)[]; GREYLIST(0.00)[pass,body]; 
R_DKIM_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; 
R_SPF_ALLOW(0.00)[+mx]; TO_DN_NONE(0.00)[]; DMARC_NA(0.00)[or.mg]; 
NEURAL_SPAM(0.00)[0.000]
dovecot: imap(redacted.user)<3393763>: sieve: DEBUG: 
learn-spam send to rspamd spam
dovecot: imap(redacted.user)<3393763>: program 
exec:/var/lib/dovecot/sieve/rspamd-learn-spam.sh (3397238): Terminated 
with non-zero exit code 1
dovecot: imap(redacted.user)<3393763>: Error: sieve: 
failed to execute to program `rspamd-learn-spam.sh': refer to server log 
for more information. [2024-06-03 07:36:40]
dovecot: imap(redacted.user)<3393763>: Disconnected: 
Connection closed (UID FETCH finished 32.173 secs ago) in=2914 out=39237 
deleted=1 expunged=1 trashed=0 hdr_count=14 hdr_bytes=10705 body_count=1 
body_bytes=1606


I know that this is because the mail which is reported is too big for 
curl but the documentation says that

$
pipe :copy :try "rspamd-learn-spam.sh";
$
this should ignore the error.
I have tested also to change it like that:
$
pipe :copy  "rspamd-learn-spam.sh";
$
but the issue still persists

I can't confirm that the issue is that error because these errors are 
way fewer than the messages with hardlink copies.

Also sometimes one mail has more than two hardlinks to it.

here is an example:

inode# hardlink_count filename
2430090371 23850 ./Maildir/.Trash/cur/1714190559.M355157P25776.redacted.hostname,S=39259,W=40217:2,S
2430090371 23850 ./Maildir/.Trash/cur/1714190562.M259778P25902.redacted.hostname,S=39259,W=40217:2,S
2430090371 23850 ./Maildir/.Trash/cur/1714190565.M188090P26028.redacted.hostname,S=39259,W=40217:2,S
2430090371 23850 ./Maildir/.Trash/cur/1714190568.M340582P26179.redacted.hostname,S=39259,W=40217:2,S


yes this is "23850" hardlinks to the same Inode
###
The issue is somewhere in the sieve ham/spam reporting to rspamd but 
I can't figure out where and why.


Is this a bug or is my configuration wrong?


Here are all related configurations (feel free to ask for more if needed):
######
# doveconf -n
# 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.16 (09c29328)
# OS: Linux 4.18.0-513.24.1.el8_9.x86_64 x86_64 Rocky Linux release 8.9 
(Green Obsidian)

# Hostname: redacteddomain.tld
auth_mechanisms = plain login
disable_plaintext_auth = no
first_valid_uid = 1000
mail_location = 
maildir:~/Maildir:INDEX=/var/lib/dovecot-virtualmin/index/%u:CONTROL=/var/lib/dovecot-virtualmin/control/%u

managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date index ihave duplicate mime

foreverypart extracttext vacation-seconds imapsieve vnd.dovecot.imapsieve
mbox_write_locks = fcntl
namespace inbox {
  inbox 

Re: Log detective help

2024-06-06 Thread GDS via dovecot
Yes, it must be a misconfiguration but I cannot find it.  I have grep-ed 
/etc/postfix for all instances of localhost and there is nowhere an instance of 
localhost.com...
Also, I have /etc/hosts with "127.0.0.1 localhost" and main.cf:"myhostname = 
mydomain.com" and "mydestination = localhost, localhost.localdomain"
I am stumped... Anywhere else I should be looking? Would a catchall alias for 
root@localhost be a way around it?

On Wednesday, June 5, 2024 at 03:42:45 PM EDT, Michael Slusarz via dovecot 
 wrote:  
 
 > On 06/05/2024 1:22 PM MDT GDS via dovecot  wrote:
>  
> Hello all, I am seeing hundreds of lines like the one below in my mail.log 
> from this specific IP address, which belongs to Google. Is there a way to 
> determine why this "deferred (delivery temporarily suspended)" is happening?
> 
> Jun  5 19:09:32 arthemis postfix/error[86771]: 5D9D148296D: 
> to=, orig_to=, relay=none, delay=4099, 
> delays=4099/0.02/0/0, dsn=4.4.1, status=deferred (delivery temporarily 
> suspended: connect to localhost.com[74.125.224.72]:25: Connection timed out)

"localhost.com" - you almost certainly are intending to connect to localhost 
(i.e. the local loopback address, 127.0.0.1) rather than the remote domain 
localhost.com.  So it looks like a configuration error.

michael
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
  


Re: Can't Empty Inbox that is Over quota

2024-06-06 Thread Jason Hirsh via dovecot
I am getting this error

imap-login: Disconnected: Connection closed: SSL_accept() failed: 
error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: 
SSL alert number 46 (no auth attempts in 0 secs): user=<>, rip=69.142.122.175, 
lip=209.160.65.133, TLS handshaking: SSL_accept() failed: error:14094416:SSL 
routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, 
session=
J

I tried sending the results of doveconf -n. But the resulting message is too 
big and waits monitor review





> On Jun 6, 2024, at 7:29 AM, Benny Pedersen via dovecot  
> wrote:
> 
> Jason Hirsh via dovecot wrote on 2024-06-06 03:20:
> 
>> Is there any way I can remove Dovecot from my server and reinstall it?   It 
>> is so messed up I don’t care about losing data
> 
> reinstall will make the same install problem fails
> 
> i often joke about precompiled problems :)
> 
> more help show logs
> 
> and also doveconf -n
> 


Re: Can't Empty Inbox that is Over quota

2024-06-06 Thread Benny Pedersen via dovecot

Jason Hirsh via dovecot wrote on 2024-06-06 03:20:

> Is there any way I can remove Dovecot from my server and reinstall it?
> It is so messed up I don’t care about losing data


reinstall will make the same install problem fails

i often joke about precompiled problems :)

more help show logs

and also doveconf -n



Fwd: EXPUNGED Folder Always Visible

2024-06-06 Thread Pete Long via dovecot
Sorry, forgot to change the To: field :/


Pete.


> Begin forwarded message:
> 
> From: Pete Long 
> Subject: Re: EXPUNGED Folder Always Visible
> Date: 6 June 2024 at 09:43:50 BST
> To: Robert L Mathews 
> 
> 
> 
>> On 5 Jun 2024, at 19:18, Robert L Mathews via dovecot  
>> wrote:
>> 
>> On Jun 5, 2024, at 12:21 AM, Pete Long via dovecot  
>> wrote:
>> 
>>> After a restart of Dovecot, I see this in the logs:
>>> 
>>> Jun 05 08:12:07 imap(pete)<19761>: Error: Mailbox Deleted 
>>> Messages: Lazy-expunge transaction failed: Mailbox Deleted Messages: UID=1
>>> 67: lazy_expunge: Couldn't open expunge mailbox: Failed to open mailbox 
>>> .EXPUNGED: Invalid mailbox name: Begins with hierarchy separator
>> 
>> Hmmm, I'm not sure about that -- in my setup I have something different, 
>> with no actual mailbox for it:
>> 
>> namespace {
>> hidden = yes
>> inbox = no
>> list = no
>> location = maildir:~/expunged
>> prefix = .EXPUNGED/
>> separator = .
>> type = private
>> }
>> plugin {
>> lazy_expunge = .EXPUNGED/
>> lazy_expunge_only_last_instance = yes
>> ...
>> 
>> Perhaps someone else who has a similar setup to you with it as a mailbox can 
>> offer more advice, sorry!
>> 
> 
> Not to worry Robert, you've given me some useful information.
> 
> I have a workaround now which 'works for me' (TM). The gist is to copy an acl 
> file to the .EXPUNGED mailbox when it is created, which is usually when a 
> mail is sent, moved or deleted. I am not using global acls so note the 
> commented line in the next paragraph.
> 
> In /etc/dovecot/conf.d/50-expunge.conf:
> 
> namespace inbox {
>  mailbox EXPUNGED {
>    autoexpunge = 7days
>    autoexpunge_max_mails = 10
>  }
> }
> 
> 
> mail_plugins = $mail_plugins lazy_expunge acl
> plugin {
>  # Move messages to an .EXPUNGED mailbox
>  lazy_expunge = EXPUNGED
> 
>  # Define ACL so that user cannot list the .EXPUNGED mailbox
>  #acl = vfile:/etc/dovecot/global-acls/expunged-acl
> 
>  # Expunged messages most likely don't want to be included in quota:
>  quota_rule = EXPUNGED:ignore
> }
> 
> 
> Once the ~/Maildir/.EXPUNGED directory is created, I copy this 'dovecot-acl' 
> file in to that .EXPUNGED directory:
> 
> owner wstipeka
> 
> Note that there is no l,r or x. 
> https://doc.dovecot.org/configuration_manual/acl/#acl
> 
> 
> The end result is that the .EXPUNGED mailbox contains deleted and moved mail 
> items but the user cannot see this mailbox and cannot delete it anyway.
> 
> If necessary I can fire up Mutt and traverse to the relevant users .EXPUNGED 
> folder to rescue deleted items. If they also happen to have FTP and/or SSH 
> access, I can make the dovecot-acl immutable if necessary.
> 
> Thanks again Robert for giving me some more options.
> 
> 
> All the best,
> 
> Pete.
> 



Re: Log detective help

2024-06-05 Thread Cody Millard via dovecot
Seems like Postfix is trying to send emails to r...@localhost.com 
instead of root at the localhost.



localhost.com @ 74.125.224.72 does not have port 25 open which is why 
the connection times out.


On 6/5/2024 2:22 PM, GDS via dovecot wrote:

Hello all, I am seeing hundreds of lines like the one below in my mail.log from this 
specific IP address, which belongs to Google. Is there a way to determine why this 
"deferred (delivery temporarily suspended)" is happening?

Jun  5 19:09:32 arthemis postfix/error[86771]: 5D9D148296D: to=, 
orig_to=, relay=none, delay=4099, delays=4099/0.02/0/0, dsn=4.4.1, 
status=deferred (delivery temporarily suspended: connect to 
localhost.com[74.125.224.72]:25: Connection timed out)

Thank you, Greg



--
Cody Millard
https://email.broker


Re: Log detective help

2024-06-05 Thread Michael Slusarz via dovecot
> On 06/05/2024 1:22 PM MDT GDS via dovecot  wrote:
>  
> Hello all, I am seeing hundreds of lines like the one below in my mail.log 
> from this specific IP address, which belongs to Google. Is there a way to 
> determine why this "deferred (delivery temporarily suspended)" is happening?
> 
> Jun  5 19:09:32 arthemis postfix/error[86771]: 5D9D148296D: 
> to=, orig_to=, relay=none, delay=4099, 
> delays=4099/0.02/0/0, dsn=4.4.1, status=deferred (delivery temporarily 
> suspended: connect to localhost.com[74.125.224.72]:25: Connection timed out)

"localhost.com" - you almost certainly are intending to connect to localhost 
(i.e. the local loopback address, 127.0.0.1) rather than the remote domain 
localhost.com.  So it looks like a configuration error.

michael


Log detective help

2024-06-05 Thread GDS via dovecot
Hello all, I am seeing hundreds of lines like the one below in my mail.log from 
this specific IP address, which belongs to Google. Is there a way to determine 
why this "deferred (delivery temporarily suspended)" is happening?

Jun  5 19:09:32 arthemis postfix/error[86771]: 5D9D148296D: 
to=, orig_to=, relay=none, delay=4099, 
delays=4099/0.02/0/0, dsn=4.4.1, status=deferred (delivery temporarily 
suspended: connect to localhost.com[74.125.224.72]:25: Connection timed out)

Thank you, Greg



Re: EXPUNGED Folder Always Visible

2024-06-05 Thread Robert L Mathews via dovecot
On Jun 5, 2024, at 12:21 AM, Pete Long via dovecot  wrote:

> After a restart of Dovecot, I see this in the logs:
> 
> Jun 05 08:12:07 imap(pete)<19761>: Error: Mailbox Deleted 
> Messages: Lazy-expunge transaction failed: Mailbox Deleted Messages: UID=1
> 67: lazy_expunge: Couldn't open expunge mailbox: Failed to open mailbox 
> .EXPUNGED: Invalid mailbox name: Begins with hierarchy separator

Hmmm, I'm not sure about that -- in my setup I have something different, with 
no actual mailbox for it:

 namespace {
  hidden = yes
  inbox = no
  list = no
  location = maildir:~/expunged
  prefix = .EXPUNGED/
  separator = .
  type = private
 }
 plugin {
  lazy_expunge = .EXPUNGED/
  lazy_expunge_only_last_instance = yes
  ...

Perhaps someone else who has a similar setup to you with it as a mailbox can 
offer more advice, sorry!

-- 
Robert L Mathews



Re: EXPUNGED Folder Always Visible

2024-06-05 Thread Pete Long via dovecot

> On 4 Jun 2024, at 18:56, Robert L Mathews via dovecot  
> wrote:
> 
> On Jun 4, 2024, at 8:40 AM, Pete Long via dovecot  wrote:
>> 
>> I'm having a bit of a time trying to get the EXPUNGED mailbox to not display 
>> when any mail is moved or deleted.
> 
> You should make the name start with a dot like ".EXPUNGED" to hide it from 
> normal folders. See the "example configuration" at 
> <https://doc.dovecot.org/configuration_manual/lazy_expunge_plugin/>, where it 
> shows, for example:
> 
> namespace inbox {
>  mailbox .EXPUNGED {
>  ...
>  lazy_expunge = .EXPUNGED
> 
> 
>> Here is the information I think is relevant:
> 
> As a tip, rather than doing this, send the output of "doveconf -n" to the 
> list in the future. That way other people can see what your full 
> configuration is, rather than guessing.


Thanks Robert. Here I go.

# dovecot -n
# 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.13 (cdd19fe3)
# OS: Linux 5.10.0-30-amd64 x86_64 Debian 11.9 
# Hostname: sulaco.fafflords.co.uk
auth_failure_delay = 6 secs
auth_master_user_separator = +
auth_username_format = %Ln
log_path = /var/log/dovecot/dovecot.log
mail_location = maildir:~/Maildir
mail_plugins = " lazy_expunge acl"
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location = 
  mailbox .EXPUNGED {
    autoexpunge = 1 weeks
    autoexpunge_max_mails = 10
  }
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = 
}
passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
  master = yes
}
passdb {
  driver = pam
}
passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
  master = yes
}
plugin {
  acl = vfile:/etc/dovecot/global-acls:cache_secs=300
  lazy_expunge = .EXPUNGED
  quota_rule = .EXPUNGED:ignore
}
protocols = " imap"
service auth {
  unix_listener auth-client {
    mode = 0600
    user = Debian-exim
  }
}
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    port = 0
  }
}
ssl_cert = https://doc.dovecot.org/configuration_manual/lazy_expunge_plugin/ .

After a restart of Dovecot, I see this in the logs:

Jun 05 08:12:07 imap(pete)<19761>: Error: Mailbox Deleted 
Messages: Lazy-expunge transaction failed: Mailbox Deleted Messages: UID=1
67: lazy_expunge: Couldn't open expunge mailbox: Failed to open mailbox 
.EXPUNGED: Invalid mailbox name: Begins with hierarchy separator



Should I specify a different separator for the .EXPUNGED mailbox?

https://doc.dovecot.org/configuration_manual/namespace/#hierarchy-separators


Thanks.


Pete.



Re: EXPUNGED Folder Always Visible

2024-06-04 Thread Robert L Mathews via dovecot
On Jun 4, 2024, at 8:40 AM, Pete Long via dovecot  wrote:
> 
> I'm having a bit of a time trying to get the EXPUNGED mailbox to not display 
> when any mail is moved or deleted.

You should make the name start with a dot like ".EXPUNGED" to hide it from 
normal folders. See the "example configuration" at 
<https://doc.dovecot.org/configuration_manual/lazy_expunge_plugin/>, where it 
shows, for example:

 namespace inbox {
  mailbox .EXPUNGED {
  ...
  lazy_expunge = .EXPUNGED


> Here is the information I think is relevant:

As a tip, rather than doing this, send the output of "doveconf -n" to the list 
in the future. That way other people can see what your full configuration is, 
rather than guessing.

-- 
Robert L Mathews



EXPUNGED Folder Always Visible

2024-06-04 Thread Pete Long via dovecot
Hi all,

I'm having a bit of a time trying to get the EXPUNGED mailbox to not display 
when any mail is moved or deleted.


Here's what I'm running:

Operating System = Debian 11.9

Dovecot = 2.3.13

MUA = Mac OS X Mail 16.0 \(3774.600.62\)


Here is the information I think is relevant:


# cat /etc/dovecot/conf.d/50-expunge.conf


namespace INBOX {
 mailbox EXPUNGED {
 autoexpunge = 7days
 autoexpunge_max_mails = 1
}
}

mail_plugins = $mail_plugins lazy_expunge acl

plugin {
lazy_expunge = EXPUNGED
quota_rule = EXPUNGED:ignore
}

# cat /etc/dovecot/conf.d/90-acl.conf

[...]

plugin {
  acl = vfile:/etc/dovecot/global-acls:cache_secs=300
}

[...]


# cat /etc/dovecot/global-acls/expunged.acl 

EXPUNGED user=masteruser lr




I have also tried setting 'expunged.acl' to the following, with no ACL flags:

EXPUNGED owner


This version doesn't seem to do anything different but that's probably down to 
me.

No matter what I do with this current configuration, I cannot get the EXPUNGED 
folder to stop showing after any deletion or move. This point aside, Dovecot's 
doing almost exactly what I want: all mail moved or deleted ends up in 
EXPUNGED; I just don't want to see it, nor anyone else with an account on my 
server ;)


Thanks for your time and any information you can provide.


Pete.



sieve crashes when two optional include scripts are missing

2024-06-04 Thread Michal Hlavinka via dovecot

Hi,

we've found an issue with sieve plugin. When script includes two missing 
optional scripts, it causes crash.


For reproducing the issue, script names must belong to same hash table 
node, so either two scripts with same name or scripts where 'hash(name) 
% table->size' results in same value, like missing_a and missing_aa in 
reproducer below.


Reduced reproducer:

cat >dovecot.min.conf <reproducer.sieve < empty

sieve-test -c dovecot.min.conf reproducer.sieve empty

any test mail would do, but empty file is enough for reproducer

# return sblock->id causes the crash as sblock is NULL
backtrace:
(gdb) bt
#0  sieve_binary_block_get_id (sblock=0x0) at 
src/lib-sieve/sieve-binary.c:421
#1  ext_include_execute_include (renv=0x555bbed8, include_id=1, 
flags=EXT_INCLUDE_FLAG_OPTIONAL) at plugins/include/ext-include-common.c:696
#2  opc_include_execute (renv=0x555bbed8, address=0x555bbf10) at 
plugins/include/cmd-include.c:399

#3  sieve_interpreter_operation_execute (interp=0x555bbe88)
at src/lib-sieve/sieve-interpreter.c:901
#4  sieve_interpreter_continue (interp=0x555bbe88, interrupted=0x0)
at src/lib-sieve/sieve-interpreter.c:959
#5  sieve_interpreter_start (interp=0x555bbe88, 
result=0x555b9230, interrupted=0x0)

at src/lib-sieve/sieve-interpreter.c:1049
#6  sieve_interpreter_run (interp=0x555bbe88, result=0x555b9230)
at src/lib-sieve/sieve-interpreter.c:1057
#7  sieve_run (sbin=0x5558ee18, result=0x555b9230, 
eenv=0x7fffe890, ehandler=0x5558c338)

at src/lib-sieve/sieve.c:357
#8  sieve_test (sbin=0x5558ee18, msgdata=0x7fffe9f0, 
senv=0x7fffea30, ehandler=0x5558c338, stream=0x555b2cd0,

flags=SIEVE_EXECUTE_FLAG_LOG_RESULT) at src/lib-sieve/sieve.c:598
#9  main (argc=5, argv=0x55567a10) at src/sieve-tools/sieve-test.c:391



issue seems to be caused by 
lib-sieve/plugins/include/ext-include-common.c: ext_include_generate_include


on first pass (script) the check for script already compiled into binary at

529: included = ext_include_binary_script_get_include_info(binctx, script);

returns NULL, so code goes through 'else' block where it hits 
sieve_script_is_open(script) check. It includes script with NULL block, 
returns 0 so caller cmd_include_generate does not emit anything. On 
second pass the above 'included' check returns first missing script, it 
goes through true block where it just checks flags and returns non-zero, 
so caller this time goes through the emit code block and the previously 
included NULL sblock gets referenced causing crash later.


Note: despite scripts have different name, they pass the "same script" 
check because sieve_file_script_equals compares 0==0 dev & inode numbers 
as scripts do not exist. This is why scripts do not have to have same 
names. Side effect of this is that as missing_a and missing_aa are 
treated like the same script, only first one is linked in compiled 
svbin. Which means that if missing_aa reappears later, svbin won't get 
recompiled.


Another manifestation of the issue is when included missing_a script is 
present when main script is compiled and later missing_a is removed 
again. During execution, script is not recompiled and it aborts for hash 
table dupe check: 
sieve_binary_open->ext_include_binary_script_include->hash_table_insert


There are several ways how to solve this. I've tried a few, but there 
were other corner cases that appeared. One tried way was for example 
ext_include_generate_include in the 'if (included)' replicate the check 
sieve_script_is_open(...) from else block, just check flags, no include 
and set result to 0. Another way to solve this is to return from 
ext_include_execute_include early if sblock is NULL just before it tries 
to dereference it, similarly as it does if it fails 'once' check. Same 
for dumping in opc_include_dump. Whilst the first approach seems a bit 
better, it won't stop crashing in existing environments as it won't 
trigger svbin recompilation and svbin would fail. This means that the 
second solution is sort of needed anyway. This still won't solve the 
problem with different missing scripts as only first one would be able 
to trigger recompilation when file becomes available. Just including 
both in the mentioned function won't work either as they would still be 
evaluated as same and hash table anti-dupe check would trigger abort. So 
some changes in script comparison seem needed anyway. This is what I've 
used in my approach. Return early from ext_include_execute_include and 
opc_include_dump if sblock is NULL and change sieve_file_script_equals 
to compare also script->location for missing scripts (when inode is 0).


Let me know if you need more information.

Cheers,
Michal Hlavinka
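
The comparison problem described in this report, as an added example that is not part of the original post and is not Pigeonhole's code: a simplified model in which a script's identity is its device and inode number, beside a variant that falls back to the location when the inode is 0. The struct, the function names and the paths are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Hypothetical stand-in for a file-backed script reference, not Pigeonhole's
 * own struct. dev and ino stay 0 when the file cannot be stat()ed. */
struct script_ref {
    const char *location;
    dev_t dev;
    ino_t ino;
};

typedef int (*equals_fn)(const struct script_ref *, const struct script_ref *);

static void script_ref_init(struct script_ref *ref, const char *location)
{
    struct stat st;

    ref->location = location;
    ref->dev = 0;
    ref->ino = 0;
    if (stat(location, &st) == 0) {
        ref->dev = st.st_dev;
        ref->ino = st.st_ino;
    }
}

/* Identity by device and inode only: two missing files compare 0 == 0. */
static int equals_inode_only(const struct script_ref *a,
                             const struct script_ref *b)
{
    return a->dev == b->dev && a->ino == b->ino;
}

/* Same check, except that a missing file (inode 0) is identified by its
 * location, so two different missing scripts stay distinct. */
static int equals_with_location(const struct script_ref *a,
                                const struct script_ref *b)
{
    if (a->ino == 0 || b->ino == 0) {
        if (a->ino != b->ino)
            return 0; /* one file exists, the other does not */
        return strcmp(a->location, b->location) == 0;
    }
    return a->dev == b->dev && a->ino == b->ino;
}

/* How many include entries a table that deduplicates with eq would keep
 * for the two paths: 1 if they are merged, 2 if they stay separate. */
static int distinct_includes(const char *p1, const char *p2, equals_fn eq)
{
    struct script_ref a, b;
    script_ref_init(&a, p1);
    script_ref_init(&b, p2);
    return eq(&a, &b) ? 1 : 2;
}

/* Creates a file plus a hard link to it and asks eq whether both paths are
 * the same script. Returns 1 or 0, or -1 if the files could not be set up. */
static int hardlink_pair_equal(equals_fn eq)
{
    char path[] = "/tmp/sieve-eq-XXXXXX";
    char link_path[64];
    struct script_ref a, b;
    int fd, result;

    fd = mkstemp(path);
    if (fd < 0)
        return -1;
    close(fd);
    snprintf(link_path, sizeof(link_path), "%s.lnk", path);
    if (link(path, link_path) != 0) {
        unlink(path);
        return -1;
    }
    script_ref_init(&a, path);
    script_ref_init(&b, link_path);
    result = eq(&a, &b);
    unlink(link_path);
    unlink(path);
    return result;
}

int main(void)
{
    /* Constructed paths that do not exist on the system. */
    const char *a = "/nonexistent-sieve-demo/missing_a.sieve";
    const char *b = "/nonexistent-sieve-demo/missing_aa.sieve";
    printf("inode only:    %d include entry(ies)\n",
           distinct_includes(a, b, equals_inode_only));
    printf("with location: %d include entry(ies)\n",
           distinct_includes(a, b, equals_with_location));
    printf("hard-linked pair equal: %d\n",
           hardlink_pair_equal(equals_with_location));
    return 0;
}
```

With the inode-only comparison the two missing scripts collapse into one include entry; with the location fallback they stay separate, while two paths to the same existing file still compare equal.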



Re: Debug: open(/proc/self/io) failed: Permission denied

2024-06-01 Thread se--- via dovecot
Worked like a charm. Thanks!


Re: Debug: open(/proc/self/io) failed: Permission denied

2024-06-01 Thread Aki Tuomi via dovecot


> On 01/06/2024 19:47 EEST se--- via dovecot  wrote:
> 
>  
> Tried all kinds of user setup, and read what I found on different forums, but 
> still get:
> 
> "Debug: open(/proc/self/io) failed: Permission denied"
> 
> Is anyone able to spot the misconfig? 
> 
> Thanks in advance!
> 

Hi!

First of all, that's not an error. You can tell by the "Debug" prefix, errors 
are with "Error" prefix.

If you don't want to see this, add

import_environment = $import_environment PR_SET_DUMPABLE=1

Aki


Debug: open(/proc/self/io) failed: Permission denied

2024-06-01 Thread se--- via dovecot
Tried all kinds of user setup, and read what I found on different forums, but 
still get:

"Debug: open(/proc/self/io) failed: Permission denied"

Is anyone able to spot the misconfig? 

Thanks in advance!

This is my dovecot -n:

# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.7.2 ()
# OS: Linux 5.4.70-050470-generic x86_64 Ubuntu 20.04.6 LTS
# Hostname: host
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_username_format = %Ln
mail_location = maildir:~/Maildir
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = create
    special_use = \Drafts
  }
  mailbox Junk {
    auto = create
    special_use = \Junk
  }
  mailbox Sent {
    auto = create
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    auto = create
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
protocols = imap pop3 lmtp imap lmtp pop3
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
ssl = required
ssl_cert = 

problem setting sieve_vacation_send_from_recipient = yes

2024-06-01 Thread schuerbel--- via dovecot

Hello,


dovecot sieve sends vacation replies with an empty FROM: field by 
default. Sadly my provider rejects such emails.


I tried to change this behavior by adding 
sieve_vacation_send_from_recipient = yes to the plugin section in 
dovecot.conf. But still vacation replies are sent with empty FROM: 
fields. Is there any further setting I have to change?


My Version is dovecot 2.3.16 (7e2e900c1a) on Ubuntu 22.04 .

Here is my setting from dovecot -n :

log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_location = maildir:~/Maildir
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date index ihave duplicate mime foreverypart extracttext

namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
passdb {
  driver = pam
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  sieve_vacation_send_from_recipient = yes
}
protocols = imap sieve
service auth {
  unix_listener /var/spool/postfix/private/dovecot-auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  user = root
}
ssl_cert = ssl_cipher_list = 
ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM

ssl_key = # hidden, use -P to show it
userdb {
  driver = passwd
}
userdb {
  driver = passwd
}
verbose_ssl = yes
protocol imap {
  imap_client_workarounds = delay-newmail
  mail_max_userip_connections = 10
}
protocol pop3 {
  mail_max_userip_connections = 10
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  pop3_uidl_format = %08Xu%08Xv
}
protocol lda {
  deliver_log_format = msgid=%m: %$
  mail_plugins = sieve
  postmaster_address = tor...@garfield.no-work.to
  quota_full_tempfail = yes
  rejection_reason = Your message to <%t> was automatically rejected:%n%r
}


regards
TS


RE: sasl database

2024-06-01 Thread aki.tuomi via dovecot
Hi, please see 
https://doc.dovecot.org/configuration_manual/authentication/sql/#authentication-sql

Aki

Original message
From: Jeff P via dovecot
Date: 6/1/24  14:28  (GMT+02:00)
To: dovecot@dovecot.org
Subject: sasl database

Hello,

Is there a guide for using a customized SASL database for dovecot?
for example, SQLite.

Thanks in advance.


Re: sasl database

2024-06-01 Thread John Fawcett via dovecot



On 01/06/2024 13:22, Jeff P via dovecot wrote:

Hello,

Is there a guide for using a customized SASL database for dovecot?
for example, SQLite.

Thanks in advance.


Hi Jeff

I've no experience with using sqlite with dovecot but there is 
documentation here:


https://doc.dovecot.org/configuration_manual/authentication/sql/#sqlite

The same page also contains configurations for other db servers.

John



Pigeonhole bad commands limits and proposed minor patch

2024-06-01 Thread John Fawcett via dovecot

Hi

I was looking into Pigeonhole behaviour in the case of managesieve 
receiving invalid input either before or after login. I can see that 
there are hard coded limits after 3 sequential bad commands prior to 
authentication and 20 after authentication.


I was wondering if there is a reason for those values. Sieve is a 
protocol that is used with software and except for the limited use case 
of testing it is not used by people typing manually.


I don't know of a lot of sieve clients. Unfortunately the one I used in 
Thunderbird is no longer maintained, so I only have roundcube. But do 
legitimate sieve clients in general make a lot of mistakes?


An additional doubt about errors that I am seeing is that differently to 
imap and pop3 there doesn't appear to be a dedicated ssl port. I only 
have starttls configured. I do see what look like people trying to 
connect with ssl directly on port 4190, which with my configuration is 
never going to be valid.


I am attaching a very simple proposed patch to make the error limits 
configurable via the following settings in conf.d/20-managesieve.conf 
with defaults as per the existing hard coded ones:


  managesieve_max_command_errors = 20
  managesieve_login_max_command_errors = 3

I have similar doubts about imap error limits but I'll start with sieve 
ones.


John



sasl database

2024-06-01 Thread Jeff P via dovecot

Hello,

Is there a guide for using a customized SASL database for dovecot?
for example, SQLite.

Thanks in advance.


Re: Unable to get quotas working

2024-06-01 Thread Noel Butler via dovecot

On 01/06/2024 20:23, Adam Miller via dovecot wrote:


> Thank you!
>
> At the time, I was trying to get the most basic of quotas working which 
> I have now successfully accomplished! I am happy to report that I also 
> have the warning emails working.


Excellent.

> Is it possible that instead of a bash script for the warning emails to 
> use a Python script instead?


Never been a fan of python, too much of a resource hog, even compared to 
perl, but as long as the variables are interpreted correctly, yes it 
should work.


> I also must investigate load balancing or at the very least, 
> determining the best approach to scalability and high availability.


We've used NFS for years without problems, never used dovecot's director 
service either, however we use hardware load balancers, done right, this 
is simplest and most robust method, add/delete/down-for-update front end 
servers at your will without affecting anything, as for backend, don't 
use junk, I've found EMC storage gear very reliable, but know that 
NetApp is too.


Over the years I've read about and witnessed many businesses with 
multi-day outages using clustered file systems that take out everything 
when they have a hissy fit, so I avoid them at all cost. NFS might be 
simplicity, but that means far fewer things to go wrong, and why some 
very large well known mail providers use it too.


--
Regards,
Noel Butler


Re: Unable to get quotas working

2024-06-01 Thread Adam Miller via dovecot
Thank you!

At the time, I was trying to get the most basic of quotas working which I have 
now successfully accomplished! I am happy to report that I also have the warning 
emails working.

Next, my plan is to figure out a way to write custom HTML warning emails using 
the MJML templating engine. My thought was to have a bash script kick off a 
Python script which would grab the HTML email using an MJML template stored in 
a database and then pass back the HTML email it to the bash script to finally 
send it out. I know this might sound confusing and why would anyone want to do 
this, but my end goal is to build an email hosting service so having everything 
branded, secure and functioning well is at the top of the list. Is it possible 
that instead of a bash script for the warning emails to use a Python script 
instead?

I also must investigate load balancing or at the very least, determining the 
best approach to scalability and high availability.

Thank you!

On 6/1/24, 03:18, "Noel Butler via dovecot" <dovecot@dovecot.org> wrote:


On 30/05/2024 20:06, Adam Miller via dovecot wrote:


> however now I am having an issue trying to get the quota warning emails 
> to work.


Your original post did not show a "service quota-warning" section where 
you tell dovecot what to run, I suggest you fully read everything to do 
with quota on the wiki (the relevant wiki files are also included in 
source packages)


-- 
Regards,
Noel Butler


Re: Unable to get quotas working

2024-06-01 Thread Noel Butler via dovecot

On 30/05/2024 20:06, Adam Miller via dovecot wrote:

however now I am having an issue trying to get the quota warning emails 
to work.


Your original post did not show a "service quota-warning" section where 
you tell dovecot what to run, I suggest you fully read everything to do 
with quota on the wiki (the relevant wiki files are also included in 
source packages)


--
Regards,
Noel Butler


Gather statistics to check effectivity of spam filter?

2024-05-30 Thread Camilo Sperberg via dovecot
Hi list :)

We want to make some changes to our spam filter, but we first want to
be able to check if what we do does have any effect.

So I was thinking of storing in our statistics if somebody moves an
email to their Junk folder (or even better: vice versa).

I have created the following metric for this:

metric imap_command_move {
  filter = event=imap_command_finished AND cmd_name="UID MOVE" AND (cmd_args = "* Junk" OR cmd_args = "* INBOX")
  group_by = cmd_args
}


And when I move something to the Junk folder I get the following after
a doveadm stats dump:

(...)
imap_command_move           duration  5  252529  27061   124989  50505.80   34476   37503.81  124989
imap_command_move_15_Junk   duration  1  124989  124989  124989  124989.00  124989  0.00      124989
imap_command_move_14_Junk   duration  1  38725   38725   38725   38725.00   38725   0.00      38725
imap_command_move_12_INBOX  duration  1  27061   27061   27061   27061.00   27061   0.00      27061
imap_command_move_13_INBOX  duration  1  27278   27278   27278   27278.00   27278   0.00      27278
imap_command_move_3_INBOX   duration  1  34476   34476   34476   34476.00   34476   0.00      34476


In my example, I moved 6 messages: 2 from INBOX to Junk, 1 from INBOX
to a separate folder, 2 from Junk back to INBOX and 1 from the
separate folder back to INBOX.

However, because I'm grouping by cmd_args, it includes the full parameters:
IMAP command’s full parameters (e.g. 1:* FLAGS)

https://doc.dovecot.org/admin_manual/list_of_events/#imap-command

Is there a way to filter out the first part so that I ideally get a
stat named imap_command_move_Junk & imap_command_move_INBOX?

Is there perhaps a way to get to know specifically the from and to
folders the user is moving the mail from and to?

Thanks!

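One way to get per-folder totals from the dump shown in the post above, as an added example that is not part of the original message and not Dovecot code: post-process the `doveadm stats dump` rows and fold the per-UID sub-metrics into one entry per destination folder. It assumes tab-separated columns in the order metric name, field, count, sum, min, max, and that sub-metric names have the form `imap_command_move_<uid set>_<folder>`, both inferred from the rows in the post; only the destination folder is available this way, not the source.

```python
import re
from collections import defaultdict

# Constructed sample: the rows quoted in the post, re-typed as tab-separated
# columns (metric_name, field, count, sum, min, max, avg, median, stddev, %95).
# The column order is an assumption inferred from the values in the post.
SAMPLE_DUMP = "\n".join([
    "imap_command_move\tduration\t5\t252529\t27061\t124989\t50505.80\t34476\t37503.81\t124989",
    "imap_command_move_15_Junk\tduration\t1\t124989\t124989\t124989\t124989.00\t124989\t0.00\t124989",
    "imap_command_move_14_Junk\tduration\t1\t38725\t38725\t38725\t38725.00\t38725\t0.00\t38725",
    "imap_command_move_12_INBOX\tduration\t1\t27061\t27061\t27061\t27061.00\t27061\t0.00\t27061",
    "imap_command_move_13_INBOX\tduration\t1\t27278\t27278\t27278\t27278.00\t27278\t0.00\t27278",
    "imap_command_move_3_INBOX\tduration\t1\t34476\t34476\t34476\t34476.00\t34476\t0.00\t34476",
])

# Sub-metric name = metric name + "_" + UID set + "_" + destination folder.
# The UID set may be a single UID, a range (1:5) or a list (1,3,7); the folder
# is everything after it, so folder names containing "_" survive.
SUBMETRIC = re.compile(r"^imap_command_move_(?P<uids>[0-9:,*]+)_(?P<dest>.+)$")


def moves_by_destination(dump_text, field="duration"):
    """Merge per-UID sub-metrics into one record per destination folder.

    count and sum are additive, min/max are combined, avg is recomputed.
    median, stddev and %95 cannot be merged from summaries and are dropped.
    """
    totals = defaultdict(lambda: {"count": 0, "sum": 0, "min": None, "max": None})
    for line in dump_text.splitlines():
        cols = line.split("\t")
        if len(cols) < 6 or cols[1] != field:
            continue  # header row, other fields, or a malformed line
        match = SUBMETRIC.match(cols[0])
        if not match:
            continue  # the parent metric or an unrelated metric
        try:
            count, total, low, high = (int(c) for c in cols[2:6])
        except ValueError:
            continue  # non-numeric columns: skip rather than guess
        if count == 0:
            continue
        entry = totals[match.group("dest")]
        entry["count"] += count
        entry["sum"] += total
        entry["min"] = low if entry["min"] is None else min(entry["min"], low)
        entry["max"] = high if entry["max"] is None else max(entry["max"], high)
    return {
        dest: dict(entry, avg=entry["sum"] / entry["count"])
        for dest, entry in totals.items()
    }


if __name__ == "__main__":
    for dest, entry in sorted(moves_by_destination(SAMPLE_DUMP).items()):
        print(f"imap_command_move_{dest}: {entry}")
```

The `count` per folder is the number of finished `UID MOVE` commands, not the number of messages; a command that moves a UID range counts once.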

Re: Unable to get quotas working

2024-05-30 Thread Adam Miller via dovecot
Thank you for the reply. I was actually able to get it all working however now 
I am having an issue trying to get the quota warning emails to work. Not sure 
what the deal is but once I have hammered on it enough and it still isn't 
working, I will reply to ask for additional help.

As for what the issue was, I am not entirely positive. I started over with the 
quota configs and slowly introduced new configs and it started working.

Thank you!

On 5/29/24, 21:55, "Aki Tuomi via dovecot" <dovecot@dovecot.org> wrote:




> On 30/05/2024 02:21 EEST Adam Miller via dovecot <dovecot@dovecot.org> wrote:
> 
> 
> Ubuntu Version: Linux 6.2.0-1017-aws x86_64 Ubuntu 22.04.4 LTS nfs4
> 
> Postfix: Version: 3.6.4
> 
> Dovecot Version: 2.3.16 (7e2e900c1a)
> 
> Pigeonhole Version: 0.5.16 (09c29328)
> 
> Rspamd Version: 3.8.4
> 
> Protocols: IMAP, LMTP, SMTP
> 
> 
> 
> Setup: I have an email server running with virtual domains and virtual 
> mailboxes that is currently hosting about 10GB of email across 15 domains and 
> 8 mailboxes which will expand drastically once I get this to work. The server 
> is an AWS EC2 instance with an AWS RDS instance for the database and using 
> AWS EFS for storage. Everything works quite well except quotas!
> 
> 
> 
> Problem: I am having an issue with getting quotas to work. When using 
> “doveadm”, I can list the mailboxes however the “Limit” column is just a 
> hyphen “-“ like there is no limit even though every account is set to 10GB 
> for their limit in the database. At the same time, the actual used storage 
> and messages is not getting updated in the database either yet there are no 
> errors from what I can see in the logging.
> 


For new installations, we suggest using


quota = count
quota_vsizes = yes


and using quota_clone plugin to store quota information in SQL database.


Perhaps this works better for you?


For limits, I cannot see any quota_rule's in your config, and there is no


doveadm user someusername


output in your email.


Aki


Re: Unable to get quotas working

2024-05-29 Thread Aki Tuomi via dovecot

> On 30/05/2024 02:21 EEST Adam Miller via dovecot  wrote:
> 
>  
> Ubuntu Version: Linux 6.2.0-1017-aws x86_64 Ubuntu 22.04.4 LTS nfs4
> 
> Postfix: Version: 3.6.4
> 
> Dovecot Version: 2.3.16 (7e2e900c1a)
> 
> Pigeonhole Version: 0.5.16 (09c29328)
> 
> Rspamd Version: 3.8.4
> 
> Protocols: IMAP, LMTP, SMTP
> 
>  
> 
> Setup: I have an email server running with virtual domains and virtual 
> mailboxes that is currently hosting about 10GB of email across 15 domains and 
> 8 mailboxes which will expand drastically once I get this to work. The server 
> is an AWS EC2 instance with an AWS RDS instance for the database and using 
> AWS EFS for storage. Everything works quite well except quotas!
> 
>  
> 
> Problem: I am having an issue with getting quotas to work. When using 
> “doveadm”, I can list the mailboxes however the “Limit” column is just a 
> hyphen “-“ like there is no limit even though every account is set to 10GB 
> for their limit in the database. At the same time, the actual used storage 
> and messages is not getting updated in the database either yet there are no 
> errors from what I can see in the logging.
> 

For new installations, we suggest using

quota = count
quota_vsizes = yes

and using quota_clone plugin to store quota information in SQL database.

Perhaps this works better for you?

For limits, I cannot see any quota_rule's in your config, and there is no

doveadm user someusername

output in your email.

Aki


Unable to get quotas working

2024-05-29 Thread Adam Miller via dovecot
Ubuntu Version: Linux 6.2.0-1017-aws x86_64 Ubuntu 22.04.4 LTS nfs4

Postfix: Version: 3.6.4

Dovecot Version: 2.3.16 (7e2e900c1a)

Pigeonhole Version: 0.5.16 (09c29328)

Rspamd Version: 3.8.4

Protocols: IMAP, LMTP, SMTP

 

Setup: I have an email server running with virtual domains and virtual 
mailboxes that is currently hosting about 10GB of email across 15 domains and 8 
mailboxes which will expand drastically once I get this to work. The server is 
an AWS EC2 instance with an AWS RDS instance for the database and using AWS EFS 
for storage. Everything works quite well except quotas!

 

Problem: I am having an issue with getting quotas to work. When using 
“doveadm”, I can list the mailboxes however the “Limit” column is just a hyphen 
“-“ like there is no limit even though every account is set to 10GB for their 
limit in the database. At the same time, the actual used storage and messages 
is not getting updated in the database either yet there are no errors from what 
I can see in the logging.

 

Configuration from “dovecot -n”:

 

auth_debug = yes
auth_mechanisms = plain login
auth_verbose = yes
auth_worker_max_count = 5
base_dir = /var/run/dovecot
debug_log_path = /var/log/dovecot/debug.log
default_internal_group = ardaemail
default_internal_user = ardaemail
dict {
  quota = mysql:/etc/dovecot/inc.d/inc.quota.user.sql.conf
}
info_log_path = /var/log/dovecot/info.log
instance_name = ec2-us-east-1a-arda-mail-001.ardaemail.com
listen = 172.16.0.200
log_path = /var/log/dovecot/general.log
login_greeting = Welcome to ArdaEmail
mail_debug = yes
mail_gid = ardaemail
mail_location = maildir:/mnt/mail/%d/%n
mail_plugins = " quota"
mail_uid = ardaemail
maildir_stat_dirs = yes
namespace inbox {
  inbox = yes
  location = 
  mailbox Archive {
    auto = subscribe
    special_use = \Archive
  }
  mailbox Drafts {
    auto = no
    special_use = \Drafts
  }
  mailbox Junk {
    auto = no
    autoexpunge = 30 days
    special_use = \Junk
  }
  mailbox "Junk E-mail" {
    auto = no
    autoexpunge = 30 days
    special_use = \Junk
  }
  mailbox "Junk Email" {
    auto = no
    autoexpunge = 30 days
    special_use = \Junk
  }
  mailbox Sent {
    auto = no
    special_use = \Sent
  }
  mailbox "Sent Items" {
    auto = no
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    auto = no
    special_use = \Sent
  }
  mailbox Spam {
    auto = subscribe
    autoexpunge = 30 days
    special_use = \Junk
  }
  mailbox Trash {
    auto = no
    autoexpunge = 30 days
    special_use = \Trash
  }
  prefix = 
}
passdb {
  args = /etc/dovecot/inc.d/inc.sql.conf
  driver = sql
}
plugin {
  imapsieve_mailbox1_before = file:/etc/dovecot/sieve.d/spam/learn-spam.sieve
  imapsieve_mailbox1_causes = COPY
  imapsieve_mailbox1_name = Junk
  imapsieve_mailbox2_before = file:/etc/dovecot/sieve.d/spam/learn-ham.sieve
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_from = Junk
  imapsieve_mailbox2_name = *
  quota = dict:quota::proxy::quota
  quota_exceeded_message = 452 4.2.2 Mailbox is full and cannot receive any more emails
  recipient_delimiter = +
  sieve_after = /etc/dovecot/sieve.d/after/
  sieve_before = /etc/dovecot/sieve.d/before/
  sieve_extensions = +spamtest +spamtestplus +virustest +notify +imapflags
  sieve_global_extensions = +vnd.dovecot.pipe
  sieve_pipe_bin_dir = /etc/dovecot/sieve
  sieve_plugins = sieve_imapsieve sieve_extprograms
  sieve_quota_max_storage = 0
  sieve_spamtest_max_header = X-Spam-Score: -?[[:digit:]]+\.[[:digit:]]+ / (-?[[:digit:]]+\.[[:digit:]])
  sieve_spamtest_status_header = X-Spam-Score: (-?[[:digit:]]+\.[[:digit:]]+) / -?[[:digit:]]+\.[[:digit:]]
  sieve_spamtest_status_type = score
}
protocols = imap lmtp
service auth-worker {
  group = ardaemail
  user = ardaemail
}
service auth {
  group = ardaemail
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    group = ardaemail
    mode = 0666
    user = ardaemail
  }
  user = ardaemail
}
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service imap {
  group = ardaemail
  user = ardaemail
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    port = 0
  }
}
service submission-login {
  inet_listener submission {
    port = 0
  }
}
ssl = required
ssl_cert = 

Re: mbox parsing failed and crashed

2024-05-28 Thread runtomaker--- via dovecot
Smtp DATA command after writing "Subject: asd\r\n.\r\n"


mbox parsing failed and crashed

2024-05-28 Thread runtomaker--- via dovecot
In below data getting from Postfix. Dovecot imap protocol when fetching mails 
returns no data. So program crashing when parsing mbox file.

Mbox file:
"From i...@asd.com  Tue May 28 14:53:11 2024
Return-Path: 
X-Original-To: t...@example.com
Delivered-To: t...@example.com
Subject: asd

"
Error: 
"Panic: file istream-header-filter.c: line 663 
(i_stream_header_filter_snapshot_free): assertion failed: 
(snapshot->mstream->snapshot_pending)"


Re: Oauth2 MFA config

2024-05-24 Thread A. Schulze via dovecot




On 23.05.24 at 22:07, Scott Q. via dovecot wrote:

Anyone managed to get Dovecot working as smoothly with OAUTH2 as
Gmail has with Outlook ? So that for example when you add the account
up in Outlook it performs all the required steps for saving the
device, getting tokens, etc.

Ideally with a custom ID provider, not Google as described here:
https://doc.dovecot.org/configuration_manual/authentication/oauth2/


Hello,

wish you get more responses than my similar question:
https://dovecot.org/mailman3/hyperkitty/list/dovecot@dovecot.org/message/JJEEJG3JR5GT3H2MQEUDRLNEAA4US4KP/

Andreas


Re: dsync with virtual folder leads to mess of msg ID

2024-05-24 Thread Kirill A. Korinsky via dovecot
Greetings,

On Sun, 21 Apr 2024 21:52:41 +0100,
Kirill A. Korinsky  wrote:
> 
> Excluding INBOX from virtual folder seems that allows to avoid the issue. 
> 

I'd like to confirm that excluding INBOX from virtual folder indeed allows
to avoid that issue.

Any suggestion how can I help to debug that issue further?

-- 
wbr, Kirill


RE: I can't configure shared mailbox ACLs using LDAP information

2024-05-23 Thread Marc via dovecot



> I thought it was just a lack of skill on my part in finding/making the
> correct configuration.

I am curious about your results, so keep posting! :)


> But what do large email servers that use Dovecot do?
> 
> I thought it was an orchestration between OpenLDAP, Postfix and Dovecot
> because theoretically LDAP is the best place to store users, groups,
> passwords and permissions.

I agree, however I am currently configuring ldap users on the os, and have 
dovecot use the os. I think it is also a little more secure having the os 
manage users. I once tested dovecot in a container with direct ldap access but 
can't remember much from it.
Does dovecot take settings from ldap.conf so you can have redundant ldap 
servers configured?


> 
> b) with the query below in [ /etc/postfix/ldap-senders.cf ] users with
> permission to access shared mailboxes can send mail using the shared
> mailbox address; however, the mail is in the Sent folder of the user who
> sent it and not in the Sent folder of the shared mailbox (where I would
> like it to be); The idea is that if three people have access to a shared
> mailbox, the first one to read and respond to an email will leave it
> saved in the Sent folder of the shared mailbox so that the other two can
> see that the email has already been responded to

Maybe a global sieve rule that checks this? Afaik you can enable in outlook that 
sent messages should go to the active folder if you are not on the inbox, but 
it does not work on all folders. I can remember thinking about having a module 
made that would do this automatically.





Re: I can't configure shared mailbox ACLs using LDAP information

2024-05-23 Thread moso.mosoleu--- via dovecot
Wow, hard to believe.

I thought it was just a lack of skill on my part in finding/making the correct 
configuration.

But what do large email servers that use Dovecot do?

I thought it was an orchestration between OpenLDAP, Postfix and Dovecot because 
theoretically LDAP is the best place to store users, groups, passwords and 
permissions.

Anyway, below is the bash script that I used to do a minimal automation of ACLs.

[ apply_ACLs_for_shared_mailboxes.sh ]

#!/bin/bash

# LDAP base DN
BASE_DN="dc=mydomain,dc=com,dc=br"

# LDAP search filter for enabled shared mailboxes
LDAP_FILTER="(&(objectClass=groupOfUniqueNamesWithMail)(mailEnabled=TRUE))"

# LDAP server details
LDAP_SERVER="ldap://ldap"
LDAP_BIND_DN="cn=admin,dc=mydomain,dc=com,dc=br"
LDAP_PASSWORD="Secret-pwd"

# rights granted to each member on the shared folders
RIGHTS=(lookup read write write-seen write-deleted insert post expunge create delete)

# temporary file to store the results of the LDAP search
# (mktemp avoids a predictable file name in /tmp)
TEMP_FILE="$(mktemp /tmp/shared_mailboxes.XXXXXX)" || exit 1

# clean up temporary file on exit
trap 'rm -f "$TEMP_FILE"' EXIT

# perform LDAP search to get shared mailboxes and their members
ldapsearch -x -H "$LDAP_SERVER" -D "$LDAP_BIND_DN" -w "$LDAP_PASSWORD" \
    -b "ou=shared-mailboxes,$BASE_DN" "$LDAP_FILTER" mail uniqueMember > "$TEMP_FILE" || exit 1

# read the LDIF file and run the doveadm acl commands
while IFS= read -r line; do
    if [[ $line =~ ^mail: ]]; then
        SHARED_MAILBOX=$(echo "$line" | awk '{print $2}')
    fi
    if [[ $line =~ ^uniqueMember: ]]; then
        USER=$(echo "$line" | awk '{print $2}' | cut -d ',' -f 1 | cut -d '=' -f 2)
        # apply the same rights to INBOX and to the Sent folder
        for FOLDER in INBOX INBOX/Sent; do
            echo "doveadm acl set -u $SHARED_MAILBOX $FOLDER user=$USER ${RIGHTS[*]}"
            # call doveadm directly instead of through eval, so values read
            # from LDAP are passed as arguments and never parsed by the shell
            doveadm acl set -u "$SHARED_MAILBOX" "$FOLDER" "user=$USER" "${RIGHTS[@]}" < /dev/null
        done
    fi
done < "$TEMP_FILE"


I would like to take this opportunity to ask two things:

a) what would be the most appropriate permissions so that users with access to 
shared mailboxes can only read emails (delete, only users "owners of shared 
boxes")

b) with the query below in [ /etc/postfix/ldap-senders.cf ] users with 
permission to access shared mailboxes can send mail using the shared mailbox 
address; however, the mail is in the Sent folder of the user who sent it and 
not in the Sent folder of the shared mailbox (where I would like it to be); The 
idea is that if three people have access to a shared mailbox, the first one to 
read and respond to an email will leave it saved in the Sent folder of the 
shared mailbox so that the other two can see that the email has already been 
responded to


Command "doveadm director kick ...." doesn't work

2024-05-23 Thread g.carabella--- via dovecot
Hi, I have a Dovecot installation (version 2.3.16) with 3 directors and 4 
backend servers.
Three backend servers have the director_tag 'new', one has the director_tag 
'old'.

The users are on the DB, the director_tag is a table field.

I want to migrate mailboxes from the old backend (Maildir format) to the new 
(mdbox format).
For the migration I use the "doveadm backup" command and everything works fine.
The problem I'm having is that I can't kick the user (if logged in).

Once the migration is done (as indicated 
https://doc.dovecot.org/3.0/man/doveadm-sync.1/), I modify the user's home, 
mail_location and director_tag and then execute the command "doveadm director 
kick ..." but the connection on the directors is not killed.

Why does this problem occur?
Could it be due to the use of the director_tag and the fact that for the 
command "doveadm director kick ..." it is not possible to specify it?

Even if I run the command "doveadm director move mailbox_account 
new_backend_server", the director adds a new connection but does not kill the 
previous one, with the result that there are two connections for the same user, 
one on the new backend and one on the old one.

I also tried to configure the director_tag only for the 3 new servers, but the 
"director kick" still doesn't work.


Re: I can't configure shared mailbox ACLs using LDAP information

2024-05-22 Thread Aki Tuomi via dovecot


> On 23/05/2024 04:42 EEST moso.mosoleu--- via dovecot  
> wrote:
> 
>  
> It shouldn't be impossible, but I've tried countless ways and not even 
> ChatGPT 4o was able to help me! :D
> 
> I use three LDIF files to get OpenLDAP ready for testing. In the first LDIF I 
> just modify the schema to add the associatedDomain attributes (then I could 
> configure the server to serve more than one domain). The second LDIF is to 
> add 4 objects to the schema that I use to differentiate accounts that 
> actually receive/send emails and have a password; another thing done in it is 
> to add a "groupOfUniqueNamesWithMail" object that allows the "mail" and 
> "mailEnabled" attributes that are then necessary to use in the entries 
> created in the "shared-mailboxes" OU. Finally, the third LDIF populates the 
> LDAP by creating OUs, user accounts and creating entries in 
> "shared-mailboxes" that serve to say which user accounts have access to which 
> other user accounts.
> 
> When I start the email server, sending and receiving emails works perfectly.
> 
> And mailbox shares work as expected if I manually use, for each share, the 
> command:
> 
> doveadm acl set -u ad...@mydomain.com.br INBOX user=use...@mydomain.com.br 
> lookup read write write-seen write-deleted insert post expunge create delete
> 
> But just as authentication works perfectly via LDAP, I believe there must be 
> a way to configure Dovecot to dynamically adjust ACLs via LDAP.
> 

Hi!

This has not yet been implemented in Dovecot.

Aki


I can't configure shared mailbox ACLs using LDAP information

2024-05-22 Thread moso.mosoleu--- via dovecot
It shouldn't be impossible, but I've tried countless ways and not even ChatGPT 
4o was able to help me! :D

I use three LDIF files to get OpenLDAP ready for testing. In the first LDIF I 
just modify the schema to add the associatedDomain attributes (then I could 
configure the server to serve more than one domain). The second LDIF is to add 
4 objects to the schema that I use to differentiate accounts that actually 
receive/send emails and have a password; another thing done in it is to add a 
"groupOfUniqueNamesWithMail" object that allows the "mail" and "mailEnabled" 
attributes that are then necessary to use in the entries created in the 
"shared-mailboxes" OU. Finally, the third LDIF populates the LDAP by creating 
OUs, user accounts and creating entries in "shared-mailboxes" that serve to say 
which user accounts have access to which other user accounts.

When I start the email server, sending and receiving emails works perfectly.

And mailbox shares work as expected if I manually use, for each share, the 
command:

doveadm acl set -u ad...@mydomain.com.br INBOX user=use...@mydomain.com.br 
lookup read write write-seen write-deleted insert post expunge create delete

But just as authentication works perfectly via LDAP, I believe there must be a 
way to configure Dovecot to dynamically adjust ACLs via LDAP.

The configuration in principle would be this:

acl_search_base = ou=shared-mailboxes,dc=mydomain,dc=com,dc=br

acl_search_filter = (&(objectClass=groupOfUniqueNamesWithMail)(|(uniqueMember=mail=%u,ou=system-accounts,dc=mydomain,dc=com,dc=br)(uniqueMember=mail=%u,ou=department-accounts,dc=mydomain,dc=com,dc=br)(uniqueMember=mail=%u,ou=mailing-accounts,dc=mydomain,dc=com,dc=br)(uniqueMember=mail=%u,ou=person-accounts,dc=mydomain,dc=com,dc=br)))

acl_user = %u

Testing this filter on the command line with "ldapsearch" the expected results 
are returned. I mean, I enter an email address from a user account and the 
result is all the other user account email addresses that the first one would 
have access to.

Any charitable soul who is willing to help and needs more information, just say 
what you need and I will try to respond as quickly as possible.

I will place the content of the three LDIFs below.

[ 01-modify_domain.ldif ]

dn: dc=mydomain,dc=com,dc=br
changetype: modify
add: objectClass
objectClass: domainRelatedObject
-
add: associatedDomain
associatedDomain: mydomain.com.br
-
add: associatedDomain
associatedDomain: anotherdomain.com.br


[ 02-add_my_object_classes_to_schema.ldif ]

# Object class for system user accounts
dn: cn=SystemAccount,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: SystemAccount
olcObjectClasses: ( 1.3.6.1.4.1.9.1.1 NAME 'SystemAccount' DESC 'Object class for system accounts' SUP top AUXILIARY )

# Object class for department user accounts
dn: cn=DepartmentAccount,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: DepartmentAccount
olcObjectClasses: ( 1.3.6.1.4.1.9.1.2 NAME 'DepartmentAccount' DESC 'Object class for department accounts' SUP top AUXILIARY )

# Object class for mailing user accounts
dn: cn=MailingAccount,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: MailingAccount
olcObjectClasses: ( 1.3.6.1.4.1.9.1.3 NAME 'MailingAccount' DESC 'Object class for mailing accounts' SUP top AUXILIARY )

# Object class for person user accounts
dn: cn=PersonAccount,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: PersonAccount
olcObjectClasses: ( 1.3.6.1.4.1.9.1.4 NAME 'PersonAccount' DESC 'Object class for person accounts' SUP top AUXILIARY )

# Object class that allows groupOfUniqueNames to have a mail attribute
dn: cn=groupOfUniqueNamesWithMail,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: groupOfUniqueNamesWithMail
olcObjectClasses: ( 1.3.6.1.4.1.9.1.5 NAME 'groupOfUniqueNamesWithMail' SUP groupOfUniqueNames STRUCTURAL MAY ( mail $ mailEnabled ) )


[ 03-initialize_mydomain.com.br.ldif ]

### Create organizational units

dn: ou=system-accounts,dc=mydomain,dc=com,dc=br
ou: system-accounts
objectClass: organizationalUnit
objectClass: top

dn: ou=department-accounts,dc=mydomain,dc=com,dc=br
ou: department-accounts
objectClass: organizationalUnit
objectClass: top

dn: ou=mailing-accounts,dc=mydomain,dc=com,dc=br
ou: mailing-accounts
objectClass: organizationalUnit
objectClass: top

dn: ou=person-accounts,dc=mydomain,dc=com,dc=br
ou: person-accounts
objectClass: organizationalUnit
objectClass: top

dn: ou=shared-mailboxes,dc=mydomain,dc=com,dc=br
ou: shared-mailboxes
objectClass: organizationalUnit
objectClass: top



## Create System User Accounts
#not related to a person
#can be accessed directly or indirectly by more than one person

dn: mail=ad...@mydomain.com.br,ou=system-accounts,dc=mydomain,dc=com,dc=br
uid: admin
userPassword: {SSHA}
displayName: My Doma

Re: Problems using non-libc memory allocators

2024-05-22 Thread Aki Tuomi via dovecot


> On 22/05/2024 19:38 EEST bl0v3 via dovecot  wrote:
> 
>  
> Hey I was trying to use dovecot2 with a not libc based memory allocation 
> such as scudo or graphene-hardened or graphene-hardened-light but ran 
> into the issues I described in
> 
> 
> https://github.com/NixOS/nixpkgs/issues/313721
> 
> 
> I just wanted to mention this here as well as this behavior may suggest 
> a flaw in the memory allocation mechanism of dovecot2/anvil. I haven't 
> yet found the time to check the underlying issue
> 
> as I'm quite busy rn. So I thought I'd just mention what I came across in 
> case this is actually unexpected or potentially even security relevant 
> mis/behavior.

Hi!

Looking at your issue it seems that graphene ones don't even make it to Dovecot 
code. 

Perhaps you should experiment with default_vsz_limit or per-process vsz_limit, 
maybe the default limit is too low for these allocators?

Aki
_______
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org


Problems using non-libc memory allocators

2024-05-22 Thread bl0v3 via dovecot
Hey I was trying to use dovecot2 with a not libc based memory allocation 
such as scudo or graphene-hardened or graphene-hardened-light but ran 
into the issues I described in



https://github.com/NixOS/nixpkgs/issues/313721


I just wanted to mention this here as well as this behavior may suggest 
a flaw in the memory allocation mechanism of dovecot2/anvil. I haven't 
yet found the time to check the underlying issue 
as I'm quite busy rn. So I thought I'd just mention what I came across in 
case this is actually unexpected or potentially even security relevant 
mis/behavior.



Re: Dovecot calculating quota wrong or am I stupid?

2024-05-20 Thread jarland--- via dovecot
I answered my own question. Sorry! It's that I'm using the zlib plugin 
with maildir. Though I welcome ideas for a smooth transition to a better 
quota system that won't demolish large servers as hard as dirsize would.


On 2024-05-20 17:07, jarland--- via dovecot wrote:
I'm currently running 2.3.21 on this system and here's what I'm seeing 
(a bit cut down for excess):


# doveadm quota get -u emailu...@domain.net
STORAGE 1052385
MESSAGE 2741

So the storage is roughly more than 1GB according to Dovecot. No change 
after quota recalc. But:


root@arrow:/home/username/imap/domain.net# du -sh emailuser
692M    emailuser

There are no symlinks or anything like that. Quota config is pretty 
basic:


root@arrow:/etc/dovecot# cat conf.d/90-quota.conf
#add quota to end of line in:
#/etc/dovecot/conf/mail_plugins.conf, eg:
#mail_plugins = $mail_plugins quota

#add imap_quota to end of line in:
#/etc/dovecot/conf/imap_mail_plugins.conf, eg:
#mail_plugins = $mail_plugins imap_quota

plugin {
  quota = maildir
}

If anyone has advice I would greatly appreciate it.

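The mismatch described in the reply above (Dovecot reporting about 1 GB where `du` shows 692M), reproduced on a constructed mailbox as an added example that is not part of the original thread: Dovecot records each message's size in the `,S=<bytes>` field of its Maildir file name, and with the zlib plugin that is the uncompressed size, while the file on disk is compressed. The function names and the sample mailbox are constructed for illustration.

```python
import gzip
import os
import re
import tempfile

# Dovecot Maildir file names carry the message size as ",S=<bytes>".
SIZE_IN_NAME = re.compile(r",S=(\d+)")


def maildir_usage(root):
    """Return (bytes_per_file_names, bytes_on_disk, files_without_size)."""
    by_name = on_disk = unsized = 0
    for dirpath, _dirs, files in os.walk(root):
        # Messages live only in cur/ and new/; skip tmp/ and index files.
        if os.path.basename(dirpath) not in ("cur", "new"):
            continue
        for name in files:
            size = os.stat(os.path.join(dirpath, name)).st_size
            on_disk += size
            match = SIZE_IN_NAME.search(name)
            if match:
                by_name += int(match.group(1))
            else:
                # No S= field: the size has to come from the file itself.
                unsized += 1
                by_name += size
    return by_name, on_disk, unsized


def demo():
    """Build a constructed two-message Maildir, one message gzip-compressed."""
    body = b"Subject: test\r\n\r\n" + b"spam and eggs " * 2000
    packed = gzip.compress(body)
    with tempfile.TemporaryDirectory() as root:
        for sub in ("cur", "new", "tmp"):
            os.makedirs(os.path.join(root, sub))
        # Compressed on disk, but S= still records the uncompressed size.
        compressed_name = "1716200000.M1P1.host,S=%d:2,S" % len(body)
        with open(os.path.join(root, "cur", compressed_name), "wb") as handle:
            handle.write(packed)
        # Plain message without an S= field in its name.
        with open(os.path.join(root, "new", "1716200001.M2P2.host"), "wb") as handle:
            handle.write(body)
        return maildir_usage(root), len(body), len(packed)


if __name__ == "__main__":
    (by_name, on_disk, unsized), raw, packed = demo()
    print("size per file names:", by_name)
    print("size on disk:       ", on_disk)
    print("files without S=:   ", unsized)
```

Run `maildir_usage()` against a real mailbox directory to see how much of the gap between the quota value and `du` is explained by compression; `du` counts allocated blocks, so its figure will differ slightly from the summed file sizes.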

Dovecot calculating quota wrong or am I stupid?

2024-05-20 Thread jarland--- via dovecot
I'm currently running 2.3.21 on this system and here's what I'm seeing 
(a bit cut down for excess):


# doveadm quota get -u emailu...@domain.net
STORAGE 1052385
MESSAGE 2741

So the storage is roughly more than 1GB according to Dovecot. No change 
after quota recalc. But:


root@arrow:/home/username/imap/domain.net# du -sh emailuser
692M    emailuser

There are no symlinks or anything like that. Quota config is pretty 
basic:


root@arrow:/etc/dovecot# cat conf.d/90-quota.conf
#add quota to end of line in:
#/etc/dovecot/conf/mail_plugins.conf, eg:
#mail_plugins = $mail_plugins quota

#add imap_quota to end of line in:
#/etc/dovecot/conf/imap_mail_plugins.conf, eg:
#mail_plugins = $mail_plugins imap_quota

plugin {
  quota = maildir
}

If anyone has advice I would greatly appreciate it.


Re: After user disconnect run the custom script

2024-05-20 Thread Michael Slusarz via dovecot
> On 05/20/2024 9:43 AM MDT Alexey Krylov via dovecot  
> wrote:
> 
> Please, send me the link, where I can find the info about configuring
> firing script after dovecot client is disconnected.
> 
> I found post-login scripting. That's cool, but... I need to fire script
> a little bit later.

See 
https://doc.dovecot.org/admin_manual/list_of_events/#mail-user-session-finished

You will need to build a event listener for this event, and then do your 
scripting in there.

michael


After user disconnect run the custom script

2024-05-20 Thread Alexey Krylov via dovecot
Sirs, good day.

Please, send me the link, where I can find the info about configuring
firing script after dovecot client is disconnected.

I found post-login scripting. That's cool, but... I need to fire script
a little bit later.

Maybe I am trying to build crutches... But I wish with all my heart to do this.

Thanks to everyone who responded.



Errors after enable add mail_attachment_detection_options

2024-05-20 Thread Ricardo Machini via dovecot
Hello,

I got a lot of fatal errors on different mailboxes after I added the option:
mail_attachment_detection_options = add-flags

Rocky Linux release 8.9 (Green Obsidian)
2.3.21 (47349e2482)

May 16 15:03:00 Panic: imap(u...@domain.com.br)<1669762>:
file imap-sieve-storage.c: line 317 (imap_sieve_add_mailbox_event):
assertion failed: (ismt->src_box == NULL || ismt->src_box == src_box)

May 16 15:03:00 Error: imap(u...@domain.com.br)<1669762>:
Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(backtrace_append+0x41)
[0x7f2c9d8b9761] -> /usr/lib64/dovecot/libdovecot.so.0(backtrace_get+0x22)
[0x7f2c9d8b9882] -> /usr/lib64/dovecot/libdovecot.so.0(+0x10bb6b)
[0x7f2c9d8c6b6b] -> /usr/lib64/dovecot/libdovecot.so.0(+0x10bc07)
[0x7f2c9d8c6c07] -> /usr/lib64/dovecot/libdovecot.so.0(+0x5cec5)
[0x7f2c9d817ec5] -> /usr/lib64/dovecot/lib95_imap_sieve_plugin.so(+0x7ebc)
[0x7f2c9b011ebc] -> /usr/lib64/dovecot/lib95_imap_sieve_plugin.so(+0x815f)
[0x7f2c9b01215f] -> /usr/lib64/dovecot/lib20_zlib_plugin.so(+0x4a37)
[0x7f2c9c179a37] ->
/usr/lib64/dovecot/libdovecot-storage.so.0(index_mail_free+0x12)
[0x7f2c9dc73982] -> /usr/lib64/dovecot/lib95_imap_sieve_plugin.so(+0x71be)
[0x7f2c9b0111be] ->
/usr/lib64/dovecot/libdovecot-storage.so.0(mail_free+0x1e) [0x7f2c9dbef55e]
-> /usr/lib64/dovecot/libdovecot-storage.so.0(+0xf124f) [0x7f2c9dc8624f] ->
/usr/lib64/dovecot/libdovecot-storage.so.0(mail_index_transaction_commit_full+0x80)
[0x7f2c9dc9f900] ->
/usr/lib64/dovecot/libdovecot-storage.so.0(index_transaction_commit+0xf1)
[0x7f2c9dc867e1] -> /usr/lib64/dovecot/libdovecot-storage.so.0(+0xccb15)
[0x7f2c9dc61b15] -> /usr/lib64/dovecot/lib95_imap_sieve_plugin.so(+0x885d)
[0x7f2c9b01285d] -> /usr/lib64/dovecot/lib20_fts_plugin.so(+0x13de4)
[0x7f2c9c79fde4] -> /usr/lib64/dovecot/lib15_notify_plugin.so(+0x240d)
[0x7f2c9c9cf40d] -> /usr/lib64/dovecot/lib10_quota_plugin.so(+0xfcdf)
[0x7f2c9cde5cdf] ->
/usr/lib64/dovecot/libdovecot-storage.so.0(mailbox_transaction_commit_get_changes+0x7a)
[0x7f2c9dc000ba] -> dovecot/imap [u...@domain.com.br 186.220.38.133 UID
COPY](+0x153c2) [0x559668ce73c2] -> dovecot/imap [u...@domain.com.br
186.220.38.133 UID COPY](command_exec+0x6c) [0x559668cf559c] ->
dovecot/imap [u...@domain.com.br 186.220.38.133 UID COPY](+0x215af)
[0x559668cf35af] -> dovecot/imap [u...@domain.com.br 186.220.38.133 UID
COPY](+0x21661) [0x559668cf3661] -> dovecot/imap [u...@domain.com.br
186.220.38.133 UID COPY](+0x21882) [0x559668cf3882] -> dovecot/imap [
u...@domain.com.br 186.220.38.133 UID COPY](client_handle_input+0x1c5)
[0x559668cf3a95] -> dovecot/imap [u...@domain.com.br 186.220.38.133 UID
COPY](client_input+0x76) [0x559668cf3f96] ->
/usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x6d) [0x7f2c9d8dd84d]
-> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x139)
[0x7f2c9d8def09] ->
/usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x50)
[0x7f2c9d8dd8f0]

May 16 15:03:00 Fatal: imap(u...@domain.com.br)<1669762>:
master: service(imap): child 1669762 killed with signal 6 (core dumps
disabled - https://dovecot.org/bugreport.html#coredumps)

Regards,
Ricardo


Re: Change the default base_dir to /run from ${prefix}/var/run

2024-05-20 Thread Дилян Палаузов via dovecot
Hello,

similarly the default state_dir = /usr/local/var/lib/dovecot is not compatible 
with the default ProtectSystem=full (⇔read-only /usr):

May 20 10:04:44 d dovecot[319843]: master: Dovecot v0.0.0-33124+6b1bcf1bad 
(6b1bcf1bad) starting up for imap, lmtp
May 20 10:04:44 d dovecot[319843]: master: Error: 
open(/usr/local/var/lib/dovecot/.temp.d.319843.4804e3352f1b5fd3) failed: 
Read-only file system
May 20 10:04:44 d systemd[1]: Started dovecot.service - Dovecot IMAP/POP3 email 
server.
May 20 10:04:44 d dovecot[319843]: master: Error: 
file_dotlock_open(/usr/local/var/lib/dovecot/instances) failed: Read-only file 
system

Greetings
  Дилян

-Original Message-
From: Дилян Палаузов 
To: dovecot 
Subject: Change the default base_dir to /run from ${prefix}/var/run
Date: 05/20/2024 08:26:30 AM

Hello,

at 6b1bcf1bad1d7, calling

./configure && make install

sets prefix=/usr/local, and thus the default base_dir = 
/usr/local/var/run/dovecot.  Moreover it installs 
/usr/lib/systemd/system/dovecot.service with [Service] ProtectSystem=full.

ProtectSystem=full mounts /usr as read-only, so no files can be written under 
the default base_dir.

The Linux Hierarchy Standard says for /usr/local - 
https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s09.html - directories 
bin, etc, games, include, lib, man, sbin, share, and src must be in /usr/local. 
No other directories, except those listed below, may be in /usr/local after 
first installing a FHS-compliant system.

var is not listed below. (“below” means the citation above, not the next 
paragraph)

For /var/run LSH contains - 
https://refspecs.linuxfoundation.org/FHS_3.0/fhs-3.0.html#varrunRuntimeVariableData
 - This directory was once intended for system information data describing the 
system since it was booted. These functions have been moved to /run; this 
directory exists to ensure compatibility with systems and software using an 
older version of this specification. In general, the requirements for /run 
shall also apply to /var/run. It is valid to implement /var/run as a symlink to 
/run.
.

For /run LHS mentions “This directory contains system information data 
describing the system since it was booted. Files under this directory must be 
cleared (removed or truncated as appropriate) at the beginning of the boot 
process.”


The defaults base_dir=/usr/local/var/run/dovecot and ProtectSystem=full present 
a non-working configuration.

• Please consider changing the default (implicit) value of base_dir to /run.

• When prefix is /usr/local, then dovecot.service should be installed in 
/usr/local/lib/systemd/system/.

Kind regards
  Дилян



Change the default base_dir to /run from ${prefix}/var/run

2024-05-20 Thread Дилян Палаузов via dovecot
Hello,

at 6b1bcf1bad1d7, calling

./configure && make install

sets prefix=/usr/local, and thus the default base_dir = 
/usr/local/var/run/dovecot.  Moreover it installs 
/usr/lib/systemd/system/dovecot.service with [Service] ProtectSystem=full.

ProtectSystem=full mounts /usr as read-only, so no files can be written under 
the default base_dir.

The Linux Hierarchy Standard says for /usr/local - 
https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s09.html - directories 
bin, etc, games, include, lib, man, sbin, share, and src must be in /usr/local. 
No other directories, except those listed below, may be in /usr/local after 
first installing a FHS-compliant system.

var is not listed below. (“below” means the citation above, not the next 
paragraph)

For /var/run LSH contains - 
https://refspecs.linuxfoundation.org/FHS_3.0/fhs-3.0.html#varrunRuntimeVariableData
 - This directory was once intended for system information data describing the 
system since it was booted. These functions have been moved to /run; this 
directory exists to ensure compatibility with systems and software using an 
older version of this specification. In general, the requirements for /run 
shall also apply to /var/run. It is valid to implement /var/run as a symlink to 
/run.
.

For /run LHS mentions “This directory contains system information data 
describing the system since it was booted. Files under this directory must be 
cleared (removed or truncated as appropriate) at the beginning of the boot 
process.”


The defaults base_dir=/usr/local/var/run/dovecot and ProtectSystem=full present 
a non-working configuration.

• Please consider changing the default (implicit) value of base_dir to /run.

• When prefix is /usr/local, then dovecot.service should be installed in 
/usr/local/lib/systemd/system/.

Kind regards
  Дилян
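
Why the defaults reported above (and the state_dir default from the follow-up) cannot work under ProtectSystem=full, as an added example that is not Dovecot or systemd code. The function names are hypothetical; the read-only mount sets follow systemd.exec(5), and the `${prefix}/var/...` defaults are the ones quoted in this thread.

```python
from pathlib import PurePosixPath

# Mount points made read-only by each ProtectSystem= value (systemd.exec(5)).
READ_ONLY = {
    "no": [],
    "yes": ["/usr", "/boot", "/efi"],
    "full": ["/usr", "/boot", "/efi", "/etc"],
    "strict": ["/"],
}
# API file systems that stay writable under ProtectSystem=strict.
STRICT_EXEMPT = ["/dev", "/proc", "/sys"]


def _under(path, root):
    """True if path is root itself or lies below it (component-wise, not by string prefix)."""
    p, r = PurePosixPath(path), PurePosixPath(root)
    return p == r or r in p.parents


def is_writable(path, protect_system, writable_paths=()):
    """Decide whether the unit may write to path.

    writable_paths models ReadWritePaths= entries (or directories systemd
    creates for the unit, e.g. via RuntimeDirectory=). The most specific
    matching rule wins; on a tie the writable rule wins.
    """
    rules = [(root, False) for root in READ_ONLY[protect_system]]
    if protect_system == "strict":
        rules += [(root, True) for root in STRICT_EXEMPT]
    rules += [(root, True) for root in writable_paths]

    best_depth, verdict = 0, True  # no rule matched: ordinary writable path
    for root, writable in rules:
        if _under(path, root):
            depth = len(PurePosixPath(root).parts)
            if depth > best_depth or (depth == best_depth and writable):
                best_depth, verdict = depth, writable
    return verdict


def dovecot_defaults(prefix):
    """Default directories as reported in this thread for a ./configure prefix."""
    return {
        "base_dir": f"{prefix}/var/run/dovecot",
        "state_dir": f"{prefix}/var/lib/dovecot",
    }


def unwritable(dirs, protect_system, writable_paths=()):
    """Names of the configured directories the service cannot write to."""
    return sorted(
        name for name, path in dirs.items()
        if not is_writable(path, protect_system, writable_paths)
    )


if __name__ == "__main__":
    defaults = dovecot_defaults("/usr/local")
    print("ProtectSystem=full, defaults:", unwritable(defaults, "full"))
    relocated = {"base_dir": "/run/dovecot", "state_dir": "/var/lib/dovecot"}
    print("ProtectSystem=full, relocated:", unwritable(relocated, "full"))
```
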


Re: example/config misses required section names for passdb{} and userdb{}

2024-05-19 Thread Aki Tuomi via dovecot

> On 20/05/2024 08:35 EEST Дилян Палаузов via dovecot  
> wrote:
> 
>  
> Hello,
> 
> I installed Dovecot from git 6b1bcf1bad1d78e, copied 
> /usr/local/share/doc/dovecot/example/config to /usr/local/etc/dovecot and 
> called dovecot -F .  The system reported
> 
> doveconf: Fatal: Error in configuration file 
> /usr/local/etc/dovecot/conf.d/auth-system.conf.ext line 11: passdb { } is 
> missing section name
> 
> The problem remains, if I delete 
> 
> dovecot-dict-auth.conf.ext  dovecot-ldap.conf.ext  dovecot-oauth2.conf.ext  
> dovecot-sql.conf.ext
> conf.d/auth-deny.conf.ext  conf.d/auth-ldap.conf.ext
> conf.d/auth-passwdfile.conf.ext  conf.d/auth-static.conf.ext
> conf.d/auth-dict.conf.ext  conf.d/auth-master.conf.ext  
> conf.d/auth-sql.conf.ext
> 
> thus leaving passdb {} and userdb {} defined on a single place.
> 
> Indeed, auth-system.conf.ext contains the sections passdb and userdb without 
> the optional name, as described at 
> https://doc.dovecot.org/configuration_manual/config_file/#sections .
> 
> The problem report is that the example configuration does not contain for 
> sections userdb and passdb a section name, and at the same time the as 
> optional described section name is mandatory in Dovecot on these places.
> 
> Kind regards
>   Dilyan
> 

Hi!

The git version is the new 2.4 version, which still has some things not done.

You can find documentation at https://doc.dovecot.org/3.0/ which is probably 
more up to date than the example configs.

Aki


example/config misses required section names for passdb{} and userdb{}

2024-05-19 Thread Дилян Палаузов via dovecot
Hello,

I installed Dovecot from git 6b1bcf1bad1d78e, copied 
/usr/local/share/doc/dovecot/example/config to /usr/local/etc/dovecot and 
called dovecot -F .  The system reported

doveconf: Fatal: Error in configuration file 
/usr/local/etc/dovecot/conf.d/auth-system.conf.ext line 11: passdb { } is 
missing section name

The problem remains, if I delete 

dovecot-dict-auth.conf.ext  dovecot-ldap.conf.ext  dovecot-oauth2.conf.ext  
dovecot-sql.conf.ext
conf.d/auth-deny.conf.ext  conf.d/auth-ldap.conf.ext
conf.d/auth-passwdfile.conf.ext  conf.d/auth-static.conf.ext
conf.d/auth-dict.conf.ext  conf.d/auth-master.conf.ext  conf.d/auth-sql.conf.ext

thus leaving passdb {} and userdb {} defined on a single place.

Indeed, auth-system.conf.ext contains the sections passdb and userdb without 
the optional name, as described at 
https://doc.dovecot.org/configuration_manual/config_file/#sections .

The problem report is that the example configuration does not contain for 
sections userdb and passdb a section name, and at the same time the as optional 
described section name is mandatory in Dovecot on these places.

Kind regards
  Dilyan



Re: Dovecot logging to files causes issues

2024-05-19 Thread Peter via dovecot

On 20/05/24 01:55, Richard Rosner via dovecot wrote:
> On 19.05.24 at 15:29, Friedrich Kink via dovecot wrote:
>> chmod 775 /var/log/dovecot will solve the problem. Without execute 
>> permission the process can't access the logfile.
> Why on earth does a process supposed to write to a file need execution 
> permission? This most certainly is very unwelcome behavior and a bug in 
> any case, no matter if it's intended by the author or not.


What the x permission does for directories is different than what it 
does for files.  For directories the x permission allows access to the 
files in a directory (the "search" permission).  Without the x bit you 
will get a permissions error (just like you're getting).



Peter
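
The directory search-bit rule described in this reply, checked against the `namei -l` output Richard posted in the thread. This is an added example, not part of any list message; the helper names and the `user` account (taken from the `lda(user)` error) are illustrative assumptions.

```python
import re

# Constructed from the `namei -l` output posted in this thread.
NAMEI_OUTPUT = """\
f: /var/log/dovecot/error.log
drwxr-xr-x root    root    /
drwxr-xr-x root    root    var
drwxr-xr-x root    root    log
drw-rw-r-- dovecot dovecot dovecot
-rw-r--r-- dovecot dovecot error.log
"""

LINE_RE = re.compile(r"^\s*([bcdlps-][rwxsStT-]{9})\s+(\S+)\s+(\S+)\s+(.+?)\s*$")


def parse_namei(text):
    """Return [(mode, owner, group, name), ...] from `namei -l` output."""
    entries = []
    for line in text.splitlines():
        if line.startswith("f:"):
            continue  # header line naming the path being resolved
        m = LINE_RE.match(line)
        if m:
            entries.append(m.groups())
    return entries


def permission_class(mode, owner, group, user, groups):
    """Pick the rwx triplet that applies: owner first, then group, then other."""
    if user == owner:
        return mode[1:4]
    if group in groups:
        return mode[4:7]
    return mode[7:10]


def blocked_directories(entries, user, groups=()):
    """Names of directories on the path that `user` cannot search (x bit missing)."""
    if user == "root":
        return []  # root is not subject to these checks by default
    blocked = []
    for mode, owner, group, name in entries:
        if mode[0] != "d":
            continue
        triplet = permission_class(mode, owner, group, user, groups)
        # x, s and t mean the search bit is set; -, S and T mean it is not.
        if triplet[2] not in "xst":
            blocked.append(name)
    return blocked


def octal_to_triplets(octal):
    """'775' -> 'rwxrwxr-x'."""
    bits = int(octal, 8)
    out = ""
    for shift in (6, 3, 0):
        part = (bits >> shift) & 7
        out += ("r" if part & 4 else "-")
        out += ("w" if part & 2 else "-")
        out += ("x" if part & 1 else "-")
    return out


def set_dir_mode(entries, name, octal):
    """Copy of entries with directory `name` given a new mode, as chmod would."""
    return [
        ("d" + octal_to_triplets(octal) if n == name and m[0] == "d" else m, o, g, n)
        for m, o, g, n in entries
    ]


if __name__ == "__main__":
    entries = parse_namei(NAMEI_OUTPUT)
    for account in ("dovecot", "user"):
        print(account, "as posted:", blocked_directories(entries, account, [account]))
        for mode in ("775", "110"):
            fixed = set_dir_mode(entries, "dovecot", mode)
            print(account, "after chmod", mode, ":",
                  blocked_directories(fixed, account, [account]))
```
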


RE: Dovecot logging to files causes issues

2024-05-19 Thread Marc via dovecot
> On 19.05.2024 at 16:49, Richard Rosner via dovecot wrote:
> > It most certainly isn't. nginx isn't running as root, yet it can log
> > without execution permissions just fine. Absolutely nothing should have
> > execution permissions if they aren't meant to be executed, which should
> > only be true for a very small set of files besides binaries.
> 
> Kind of off-topic, anyhow.
> 
> If your Nginx serves on ports lower than 1024, which you typically do
> with port 80 and/or port 443, then the master process of Nginx must run
> as the root user. And that process handles the logging. The worker
> processes can of course run as a non privileged user.
> 

That is not entirely true. If you run containers with linux capabilities you 
can just assign low ports.


Re: Dovecot logging to files causes issues

2024-05-19 Thread Alexander Dallou via dovecot

On 19.05.2024 at 16:49, Richard Rosner via dovecot wrote:
> It most certainly isn't. nginx isn't running as root, yet it can log 
> without execution permissions just fine. Absolutely nothing should have 
> execution permissions if they aren't meant to be executed, which should 
> only be true for a very small set of files besides binaries.


Kind of off-topic, anyhow.

If your Nginx serves on ports lower than 1024, which you typically do 
with port 80 and/or port 443, then the master process of Nginx must run 
as the root user. And that process handles the logging. The worker 
processes can of course run as a non privileged user.




Re: Dovecot logging to files causes issues

2024-05-19 Thread Friedrich Kink via dovecot

As Alexander wrote - POSIX behaviour. To change into a directory the directory 
itself needs execute permission for owner/group/other (whatever is meant). Not 
the file itself. BTW even a chmod 110 /var/log/dovecot (so only execute and no 
read/write) would work.

On 19.05.24 16:49, Richard Rosner via dovecot  wrote:

On 19.05.24 at 16:02, Alexander Dallou via dovecot wrote:
> On 19.05.2024 at 15:55, Richard Rosner via dovecot wrote:
>> On 19.05.24 at 15:29, Friedrich Kink via dovecot wrote:
>>> chmod 775 /var/log/dovecot will solve the problem. Without execute 
>>> permission the process can't access the logfile.
>> Why on earth does a process supposed to write to a file need 
>> execution permission? This most certainly is very unwelcome behavior 
>> and a bug in any case, no matter if it's intended by the author or not.

>
> chmod ug+x on the /var/log/dovecot directory! Standard POSIX 
> permissions for a non-root process to enter a directory.
It most certainly isn't. nginx isn't running as root, yet it can log 
without execution permissions just fine. Absolutely nothing should have 
execution permissions if they aren't meant to be executed, which should 
only be true for a very small set of files besides binaries.



Re: Dovecot logging to files causes issues

2024-05-19 Thread Richard Rosner via dovecot

On 19.05.24 at 16:02, Alexander Dallou via dovecot wrote:
> On 19.05.2024 at 15:55, Richard Rosner via dovecot wrote:
>> On 19.05.24 at 15:29, Friedrich Kink via dovecot wrote:
>>> chmod 775 /var/log/dovecot will solve the problem. Without execute permission 
>>> the process can't access the logfile.
>> Why on earth does a process supposed to write to a file need execution 
>> permission? This most certainly is very unwelcome behavior and a bug in any 
>> case, no matter if it's intended by the author or not.
>
> chmod ug+x on the /var/log/dovecot directory! Standard POSIX permissions for a 
> non-root process to enter a directory.

It most certainly isn't. nginx isn't running as root, yet it can log without 
execution permissions just fine. Absolutely nothing should have execution 
permissions if they aren't meant to be executed, which should only be true for 
a very small set of files besides binaries.


Re: Dovecot logging to files causes issues

2024-05-19 Thread Alexander Dallou via dovecot

On 19.05.2024 at 15:55, Richard Rosner via dovecot wrote:
> On 19.05.24 at 15:29, Friedrich Kink via dovecot wrote:
>> chmod 775 /var/log/dovecot will solve the problem. Without execute 
>> permission the process can't access the logfile.
> Why on earth does a process supposed to write to a file need execution 
> permission? This most certainly is very unwelcome behavior and a bug in 
> any case, no matter if it's intended by the author or not.


chmod ug+x on the /var/log/dovecot directory! Standard POSIX permissions 
for a non-root process to enter a directory.




Re: Dovecot logging to files causes issues

2024-05-19 Thread Richard Rosner via dovecot

On 19.05.24 at 15:29, Friedrich Kink via dovecot wrote:
> chmod 775 /var/log/dovecot will solve the problem. Without execute permission 
> the process can't access the logfile.

Why on earth does a process supposed to write to a file need execution 
permission? This most certainly is very unwelcome behavior and a bug in any 
case, no matter if it's intended by the author or not.


Re: Dovecot logging to files causes issues

2024-05-19 Thread Friedrich Kink via dovecot

chmod 775 /var/log/dovecot will solve the problem. Without execute permission 
the process can't access the logfile.

On 19.05.24 12:25, Richard Rosner via dovecot  wrote:

On 19.05.24 at 04:02, Peter via dovecot wrote:
> Check the permissions of the entire path, as dovecot:
>
> namei -l /var/log/dovecot/error.log
>
> It might be selinux, check your audit.log file, or set selinux to 
> permissive mode and see if it works:

>
> setenforce 0

This can't be the case, there is no SELinux present by default in Debian 
and it was never installed on that server. For completeness, here's the 
output:


namei -l /var/log/dovecot/error.log
f: /var/log/dovecot/error.log
drwxr-xr-x root    root    /
drwxr-xr-x root    root    var
drwxr-xr-x root    root    log
drw-rw-r-- dovecot dovecot dovecot
-rw-r--r-- dovecot dovecot error.log

>
> It might also be AppArmor (sorry don't have instructions for AppArmor).
>
> The message basically means that something is preventing the dovecot 
> user from writing to the file, you need to figure out what that is.

>
>
> Peter

I can say that this isn't possible, as any AppArmor actions would be 
logged, so they would have shown up. And by the file sizes, Dovecot is 
clearly writing to them.


-rw-r--r--  1 dovecot dovecot    0 13. Mai 20:50 debug.log
-rw-r--r--  1 dovecot dovecot  37K 14. Mai 14:05 error.log
-rw-r--r--  1 dovecot dovecot  40K 13. Mai 21:20 info.log

So there's pretty much no possibility AppArmor could have any 
involvement here. Also, usually when AppArmor prevents access to a 
directory, you'd get a "file not found" error, not a permission denied.


For the very unlikely case that AppArmor is the cause, these are the 
only rules present for dovecot:


Dovecot has two files. In tunables you can find this:

    # @{DOVECOT_MAILSTORE} is a space-separated list of all directories
    # where dovecot is allowed to store and read mails
    #
    # The default value is quite broad to avoid breaking existing setups.
    # Please change @{DOVECOT_MAILSTORE} to (only) contain the directory
    # you use, and remove everything else.

    @{DOVECOT_MAILSTORE}=@{HOME}/Maildir/ @{HOME}/mail/ @{HOME}/Mail/ 
/var/vmail/ /var/mail/ /var/spool/mail


Which doesn't seem to be relevant for this. No idea how dovecot can put 
the mail into /maildirs/username, but since that's working I'm not 
complaining.

The file in abstractions only contains this:

    # used with dovecot/*

       abi ,

       capability setgid,

       deny capability block_suspend,

       # dovecot's master can send us signals
       signal receive peer=dovecot,

       owner @{run}/dovecot/config rw,

       # Include additions to the abstraction
       include if exists 

Richard


Re: Dovecot logging to files causes issues

2024-05-19 Thread Richard Rosner via dovecot

On 19.05.24 at 04:02, Peter via dovecot wrote:
> Check the permissions of the entire path, as dovecot:
>
> namei -l /var/log/dovecot/error.log
>
> It might be selinux, check your audit.log file, or set selinux to permissive 
> mode and see if it works:
>
> setenforce 0


This can't be the case, there is no SELinux present by default in Debian and it 
was never installed on that server. For completeness, here's the output:

namei -l /var/log/dovecot/error.log
f: /var/log/dovecot/error.log
drwxr-xr-x root    root    /
drwxr-xr-x root    root    var
drwxr-xr-x root    root    log
drw-rw-r-- dovecot dovecot dovecot
-rw-r--r-- dovecot dovecot error.log



> It might also be AppArmor (sorry don't have instructions for AppArmor).
>
> The message basically means that something is preventing the dovecot user from 
> writing to the file, you need to figure out what that is.
>
> Peter


I can say that this isn't possible, as any AppArmor actions would be logged, so 
they would have shown up. And by the file sizes, Dovecot is clearly writing 
to them.

-rw-r--r--  1 dovecot dovecot    0 13. Mai 20:50 debug.log
-rw-r--r--  1 dovecot dovecot  37K 14. Mai 14:05 error.log
-rw-r--r--  1 dovecot dovecot  40K 13. Mai 21:20 info.log

So there's pretty much no possibility AppArmor could have any involvement here. Also, 
usually when AppArmor prevents access to a directory, you'd get a "file not 
found" error, not a permission denied.

For the very unlikely case that AppArmor is the cause, these are the only rules 
present for dovecot:

Dovecot has two files. In tunables you can find this:

   # @{DOVECOT_MAILSTORE} is a space-separated list of all directories
   # where dovecot is allowed to store and read mails
   #
   # The default value is quite broad to avoid breaking existing setups.
   # Please change @{DOVECOT_MAILSTORE} to (only) contain the directory
   # you use, and remove everything else.

   @{DOVECOT_MAILSTORE}=@{HOME}/Maildir/ @{HOME}/mail/ @{HOME}/Mail/ 
/var/vmail/ /var/mail/ /var/spool/mail

Which doesn't seem to be relevant for this. No idea how dovecot can put the 
mail into /maildirs/username, but since that's working I'm not complaining.
The file in abstractions only contains this:

   # used with dovecot/*

  abi ,

  capability setgid,

  deny capability block_suspend,

  # dovecot's master can send us signals
  signal receive peer=dovecot,

  owner @{run}/dovecot/config rw,

  # Include additions to the abstraction
  include if exists 

Richard


RE: Failing to archive many messages

2024-05-18 Thread Marc via dovecot
> Today I realized that it was indeed the sa-learn that is slowing down my
> Archiving.
> 
> I added an «&» on the end of the line that calls the sa-learn (called by
> the report-ham.sieve script):
> 
> exec /usr/bin/sa-learn -u ${1} --ham  &
> 
> Does anyone think this is a bad idea? I noticed that archiving got way
> faster this way…

You fork/spawn a new process. So depending on how many messages are moved, that 
many processes are created. I am not using sa-learn, but I think this could be 
a memory consuming task. So maybe check for OOM crashes or your swap space 
slowing everything down.




Re: Dovecot logging to files causes issues

2024-05-18 Thread Peter via dovecot

On 19/05/24 04:31, Richard Rosner via dovecot wrote:
> I have a mailing server setup based on Debian Stable that uses postfix 
> (v3.7.10) for SMTP and dovecot (v2.3.19.1 (9b53102964)) for IMAP. I now 
> wanted to set dovecot to not write to syslog, but to dedicated files in 
> /var/log/dovecot. While everything indicates that this happens 
> successfully as the log files gain in size, I also get lots of these 
> errors:
>
>     May 13 20:55:37 mail postfix/local[2824184]: 95BCF1000A9: 
> to=, relay=local, delay=3.2, delays=1.9/0.29/0/1.1, 
> dsn=4.3.0, status=deferred (temporary failure. Command output: 
> lda(user): Error: net_connect_unix(/run/dovecot/stats-writer) failed: 
> Permission denied Can't open log file /var/log/dovecot/error.log: 
> Permission denied )
>
> If it would only log the complaints I wouldn't worry, but as long as I 
> don't revert the changes in dovecot's config, mail receiving is at least 
> vastly delayed, most likely stuck altogether. So how am I supposed to 
> set these settings?
>
> I've changed these settings in /etc/dovecot/conf.d/10-logging.conf:
>
>     log_path = /var/log/dovecot/error.log
>     debug_log_path = /var/log/dovecot/debug.log
>     log_debug = category=error
>
> The whole directory /var/log/dovecot is owned by dovecot:dovecot, 
> permissions on debug.log, error.log and info.log are 644.


Check the permissions of the entire path, as dovecot:

namei -l /var/log/dovecot/error.log

It might be selinux, check your audit.log file, or set selinux to 
permissive mode and see if it works:


setenforce 0

It might also be AppArmor (sorry don't have instructions for AppArmor).

The message basically means that something is preventing the dovecot 
user from writing to the file, you need to figure out what that is.



Peter


Dovecot logging to files causes issues

2024-05-18 Thread Richard Rosner via dovecot

I have a mailing server setup based on Debian Stable that uses postfix 
(v3.7.10) for SMTP and dovecot (v2.3.19.1 (9b53102964)) for IMAP. I now wanted 
to set dovecot to not write to syslog, but to dedicated files in 
/var/log/dovecot. While everything indicates that this happens successfully as 
the log files gain in size, I also get lots of these errors:

   May 13 20:55:37 mail postfix/local[2824184]: 95BCF1000A9: 
to=, relay=local, delay=3.2, delays=1.9/0.29/0/1.1, dsn=4.3.0, 
status=deferred (temporary failure. Command output: lda(user): Error: 
net_connect_unix(/run/dovecot/stats-writer) failed: Permission denied Can't open log 
file /var/log/dovecot/error.log: Permission denied )

If it would only log the complaints I wouldn't worry, but as long as I don't 
revert the changes in dovecot's config, mail receiving is at least vastly 
delayed, most likely stuck altogether. So how am I supposed to set these 
settings?

I've changed these settings in /etc/dovecot/conf.d/10-logging.conf:

   log_path = /var/log/dovecot/error.log
   debug_log_path = /var/log/dovecot/debug.log
   log_debug = category=error

The whole directory /var/log/dovecot is owned by dovecot:dovecot, permissions 
on debug.log, error.log and info.log are 644.

Best

Richard


Re: Failing to archive many messages

2024-05-18 Thread Francis Augusto Medeiros-Logeay via dovecot

Thanks a lot Marc.

I actually found something that works for me:

I replaced `sa-learn -u xx --ham`
with
`spamc -u xx -L ham`

Archiving wasn't as fast as simply moving messages, but was considerably 
faster - fast enough that no errors on Roundcube are reported.


Best,
Francis

---
Francis Augusto Medeiros-Logeay
Oslo, Norway

On 2024-05-18 12:06, Marc wrote:
>> Today I realized that it was indeed the sa-learn that is slowing down my
>> Archiving.
>>
>> I added an «&» on the end of the line that calls the sa-learn (called by
>> the report-ham.sieve script):
>>
>> exec /usr/bin/sa-learn -u ${1} --ham  &
>>
>> Does anyone think this is a bad idea? I noticed that archiving got way
>> faster this way…
>
> You fork/spawn a new process. So depending on how many messages are 
> moved, that many processes are created. I am not using sa-learn, but I 
> think this could be a memory consuming task. So maybe check for OOM 
> crashes or your swap space slowing everything down.



Re: Failing to archive many messages

2024-05-18 Thread Francis Augusto Medeiros-Logeay via dovecot
Today I realized that it was indeed the sa-learn that is slowing down my 
Archiving.

I added an «&» on the end of the line that calls the sa-learn (called by the 
report-ham.sieve script):

exec /usr/bin/sa-learn -u ${1} --ham  &

Does anyone think this is a bad idea? I noticed that archiving got way faster 
this way…

Best,

Francis


> On 9 May 2024, at 23:09, dovecot-requ...@dovecot.org wrote:
> 
> >> On 9 May 2024, at 19:45, dovecot-requ...@dovecot.org wrote:
>> 
>> Francis Augusto Medeiros-Logeay via dovecot skrev den 2024-05-09 12:29:
>> 
>>>> If you want to analyze emails, why not do it with scheduled crons 
>>>> after they are archived?
>> 
> >> maybe ask for skip older than one day in here 
>> https://github.com/isbg/isbg/tree/master
>> 
>> while roundcube just set the needed flag for retest ?
>> 
>>> wouldn't it reanalyze all archived messages anyway?
>> 
>> sometimes email is ham at recpt stage, while its spam later on test, 
>> this is why isbg is made imho :)
> 
> 
> I see.
> 
> But I wonder if there is something wrong with what I already have. It worked 
> fine for years, and it works fine for most of my users. I tested with a few 
> accounts, and Archiving (with its sa-learn script) works blazingly fast. But 
> with one user - happens to be mine - it is super slow when archiving, most 
> likely due the sa-learn.
> 
> Best,
> 
> Francis
