Re: Maildir to Mdbox and folder structure after the conversion
Il giovedì 10 giugno 2021, 13:12:09 CEST, Josef 'Jeff' Sipek ha scritto: If I'm understanding you correctly, it looks like you have a different mail_location set on the two servers. In one case it appears to have a mail// sort of format, and on the other... well, I have no idea but it looks like it is only mail/ or something similarly incorrect :) Exactly, the different structure seems to be due to a different configuration of the mail servers. In the end, having no experience with Dovecot and its migration utilities, I found it much easier to use Imapsync.
Re: Maildir to Mdbox and folder structure after the conversion
Il mercoledì 9 giugno 2021, 13:37:51 CEST, Aki Tuomi ha scritto: Maildir and mdbox have different directory structure. You cannot get them to be identical. Aki Yes I know, but the directory structure of the two pastebin links are both in Mdbox format ! What can be the cause of the different directory structure: a different version of Mdbox format or a different server configuration ?
Maildir to Mdbox and folder structure after the conversion
Using the dsync command I've converted a Dovecot mail folder from Maildir to Mdbox format. (see https://dovecot.org/pipermail/dovecot/2021-June/122304.html) The folder resulting from the conversion (see https://pastebin.com/6U4CDTQi ), however, has a completely different directory structure from the one used by the destination server where it will be transferred (see https://pastebin.com/nMEvqmqp ) What do I have to do to make the folder obtained after the conversion have a directory structure identical to the one used by the destination server ? Thank You.
Correct procedure to convert Maildir format to Mdbox
Hi, I need to migrate mail from a shared hosting that stores mail in the Maildir format to another one that uses the Mdbox format. Both hosts use Dovecot, though I don't know what version, because neither has Dovecot command line/ssh utilities available. So I installed Debian 10.9 + Dovecot-imapd (ver.2.3.4.1 stable), then in "/etc/dovecot/conf.d/10-mail.conf" I changed "mail_location = mbox:~/mail:INBOX=/var/mail/%u" to "mail_location = mdbox:~/mdbox" and "#separator =" to "separator = /" . I moved the contents of the folder containing the mail in Maildir format to ~/Maildir/ and then I ran "dsync -v -u user mirror maildir:~/Maildir/". The only users on the system are root and a limited priviledges user, but on the Debian server I didn't recreate any mail account/user that existed on the source server. The conversion command is executed without showing errors: the resulting ~/mdbox folder has a size of 370 MB while the ~/Maildir/ folder was 456 MB. I would like to know if the procedure I followed is correct and if the absence of errors when the command is executed means that the conversion was successful, or if I need to do some other test/check to make sure the whole conversion process is ok. Thank you.
Re: connection closes every 10 minutes
Hi, I honestly don't know if the old modem had an integrated router, and I have already disposed of it. What I am sure of is that I had NOT changed anything in its settings for many months, if not years, and everything was working without problems until a few weeks ago, when I posted here. Marco Il giorno mar 27 apr 2021 alle ore 23:49 Joseph Tam ha scritto: > > On Mon, 26 Apr 2021, Marco Fioretti wrote: > > > 3) a few days ago I received a new modem from my ISP, as part of their > > network upgrade operations > > > > 4) more or less in the same moment the problem I reported here > > disappeared. Now mutt stays connected even 24 hours without losing > > connection. > > > > I am NOT 100% sure that the problem disappeared AFTER the change of > > modem. That happened during a few chaotic days, both work- and > > family-wise, so I did not take notes. And modems may have nothing to > > do at all with the disconnections. But now the problem is not there > > anymore, I have no clue what may have happened, and if anybody can > > guess... thanks in advance. > > Does this modem also have an integrated router? These units tend to > act as NAT gateways/firewalls that keep track of "active" sessions by > tracking external/interface NAT address mappings. Cheap or older one > could have TTL on these entries i.e. if no traffic is detected within > a time window, it is discarded, and appearing as if the endpoints had > disconnected. I guess it could also happen if the state tracking > tables has limited memory and your internal network is busy, like a family > member opening up a P2P application. > > Just a hypothesis. > > >> Apr 12 16:12:49 SERVERNAME dovecot: imap(ACCOUNTNAME): Logged out in=164 > >> out=757 > > However, my hypothesis wouldn't produce this. This is a active > logout. > > Joseph Tam
Re: connection closes every 10 minutes
update on this: to make a long story short 1) I did run mutt with debug enabled , but could not recognize anything useful 2) I had the same problem with mutt from my laptop 3) a few days ago I received a new modem from my ISP, as part of their network upgrade operations 4) more or less in the same moment the problem I reported here disappeared. Now mutt stays connected even 24 hours without losing connection. I am NOT 100% sure that the problem disappeared AFTER the change of modem. That happened during a few chaotic days, both work- and family-wise, so I did not take notes. And modems may have nothing to do at all with the disconnections. But now the problem is not there anymore, I have no clue what may have happened, and if anybody can guess... thanks in advance. Il giorno lun 12 apr 2021 alle ore 16:47 Marco Fioretti ha scritto: > > Greetings, > > I use mutt on Ubuntu to access my IMAP mailboxes, on my Centos email > server that runs dovecot. Everything has worked without problems for > years. About one week ago, the connection between mutt and dovecot > became unstable. > > Before, I could leave mutt connected for days in a row, no problem. > Now, everything still works fine, except... I get every ten minutes I > get "connection timed out" in Mutt's status line, and hundreds of > messages like > > Apr 12 16:12:49 SERVERNAME dovecot: imap(ACCOUNTNAME): Logged out in=164 > out=757 > > what puzzles me is that I did not touch anything both on my server and > on my desktop, except an "apt-get update" some days before this > started. > > But cannot see how it would be related anyway, nor have I found > anything online like this. > > Any help to understand what happened and fix it is very welcome. > > Marco
connection closed every ten minutes
Greetings, I use mutt on Ubuntu to access my IMAP mailboxes, on my Centos email server that runs dovecot. Everything has worked without problems for years. About one week ago, the connection between mutt and dovecot became unstable. Before, I could leave mutt connected for days in a row, no problem. Now, everything still works fine, except... I get every ten minutes I get "connection timed out" in Mutt's status line, and hundreds of messages like Apr 12 16:12:49 SERVERNAME dovecot: imap(ACCOUNTNAME): Logged out in=164 out=757 what puzzles me is that I did not touch anything both on my server and on my desktop, except an "apt-get update" some days before this started. But cannot see how it would be related anyway, nor have I found anything online like this. Any help to understand what happened and fix it is very welcome. Marco
connection closes every 10 minutes
Greetings, I use mutt on Ubuntu to access my IMAP mailboxes, on my Centos email server that runs dovecot. Everything has worked without problems for years. About one week ago, the connection between mutt and dovecot became unstable. Before, I could leave mutt connected for days in a row, no problem. Now, everything still works fine, except... I get every ten minutes I get "connection timed out" in Mutt's status line, and hundreds of messages like Apr 12 16:12:49 SERVERNAME dovecot: imap(ACCOUNTNAME): Logged out in=164 out=757 what puzzles me is that I did not touch anything both on my server and on my desktop, except an "apt-get update" some days before this started. But cannot see how it would be related anyway, nor have I found anything online like this. Any help to understand what happened and fix it is very welcome. Marco
dovecot user id and mail folder permissions, was "no shared cipher"
Greetings, I thought it may be better to start a separate thread now that the cipher problem is solved. Background: I have had to recreate from scratch, and without notice, a working server to a new VPS, with different versions of dovecot and other software. Now I am having problems with accessing the imap folders from home. Now I have postfix/procmail successfully delivering email to the right IMAP folders. Problem is, postfix/procmail run as user mail_manager, group mail_management, and the permissions on those folders are currently all set to 755. The consequence is that dovecot, running as user "dovecot", extra group mail_management, cannot modify those folders and their indexes. What is the best/safest configuration in these cases? 1) run dovecot too as user "mail_manager"? (if yes, how, with dovecot 2.2.36?) 2) recursively change permissions of ALL the mail folders and files to 775? 3) both 1) and 2) ? 4) other (e.g. certain permissions for folders, others for specific files? Thanks in advance for any advice! Marco
Re: "no shared cypher", no matter what I try
The problem is solved, thanks to Aki. I was missing the "include" directive in dovecot.conf, because it was not needed in the dovecot version I was using previously. Now I have a related question, and... another problem :-) The question: what is a safer/more sensible value for ssl_cipher_list than the current "ALL"? The problem: now that I can login, a permission/ownership problem came out. In the old server, the mailboxes were owned by user mail_manager, group mail_management In the new server I recreated those users, copied the mailboxes as they were. Postfix / procmail are using that userid, and can write successfully to the mailboxes. Dovecot, instead, cannot. Even if I added the dovecot user to the mail_management group, it keeps generating plenty of errors like this Dec 11 12:34:13 SERVERNAME dovecot: imap(USERNAME): Error: file_dotlock_create(/var/mail/mymail_storage/base/.archive.2018.12/dovecot-uidlist) failed: Permission denied (euid=5000() egid=5000(mail_management) missing +w perm: /var/mail/mymail_storage/base/.archive.2018.12, dir owned by 1001:5000 mode=0755) of course it cannot create the log file because the owner is the mail_manager user (euid 5000) so the question is: what is the good/best practice now? Make dovecot run as user mail_manager? And if yes, how? Or should I change the permissions of all the mailboxes and mail files with chmod -r 775 ? Thanks, Marco
Re: "no shared cypher", no matter what I try
Hello Aki,
maybe I misunderstood you, but both adding an "ssl = yes" line to this
section of dovecot.conf, and commenting out the whole "four lines
starting at "inet_listener imaps" do not have any effect :
service imap-login {
inet_listener imap {
port = 0
}
inet_listener imaps {
port = 993
ssl = yes
}
}
this is the error I still get after restarting dovecot, and trying
again to connect with mutt:
ogin: Debug: SSL: where=0x10, ret=1: before/accept initialization
[my.home.ip.address]
Dec 11 11:06:47 SERVERNAME dovecot: imap-login: Debug: SSL:
where=0x2001, ret=1: before/accept initialization [my.home.ip.address]
Dec 11 11:06:47 SERVERNAME dovecot: imap-login: Debug: SSL:
where=0x2002, ret=-1: SSLv2/v3 read client hello A
[my.home.ip.address]
Dec 11 11:06:47 SERVERNAME dovecot: imap-login: Warning: SSL alert:
where=0x4008, ret=552: fatal handshake failure [my.home.ip.address]
Dec 11 11:06:47 SERVERNAME dovecot: imap-login: Debug: SSL:
where=0x2002, ret=-1: error [my.home.ip.address]
Dec 11 11:06:47 SERVERNAME dovecot: imap-login: Debug: SSL:
where=0x2002, ret=-1: error [my.home.ip.address]
Dec 11 11:06:47 SERVERNAME dovecot: imap-login: Debug: SSL error:
SSL_accept() failed: error:1408A0C1:SSL
routines:ssl3_get_client_hello:no shared cipher
Dec 11 11:06:47 SERVERNAME dovecot: imap-login: Disconnected
(disconnected before auth was ready, waited 0 secs): user=<>,
rip=my.home.ip.address, lip=server.ip.address, TLS handshaking:
SSL_accept() failed: error:1408A0C1:SSL
routines:ssl3_get_client_hello:no shared cipher,
session=
Dec 11 11:06:47 SERVERNAME dovecot: auth: Debug: Loading modules from
directory: /usr/lib64/dovecot/auth
Dec 11 11:06:47 SERVERNAME dovecot: auth: Debug: Module loaded:
/usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so
Dec 11 11:06:47 SERVERNAME dovecot: auth: Debug: Module loaded:
/usr/lib64/dovecot/auth/libdriver_sqlite.so
Dec 11 11:06:47 SERVERNAME dovecot: auth: Debug: Read auth token
secret from /var/run/dovecot/auth-token-secret.dat
Dec 11 11:06:47 SERVERNAME dovecot: auth: Debug: passwd-file
/etc/imap.v_users: Read 1 users
Il giorno mar 11 dic 2018 alle ore 11:01 Aki Tuomi
ha scritto:
>
> Hi!
>
> You have misconfigured service imap-login, remove the 993 listener
> config (it's there by default) or add ssl = yes to it.
>
> Aki
>
> On 11.12.2018 11.58, Marco Fioretti wrote:
> > hello, and some update
> > short version: the error is still there, but I have some more data to
> > share, thanks in advance for further advice
> >
> > first, I am using Mutt 1.10.1 (2018-07-13) as mail client, so it is
> > not an obsolete version.
> > second... at the moment I can send email through postfix on the same
> > server, with the
> > same certificates (almost: I still have to fix some stuff, but is NOT
> > related to SSL/TLS, e.g
> > reverse DNS).
> >
> > However, running openssl as requested returns "no peer certificate
> > available", and when
> > I connect with mutt to dovecot I still get the "no shared cipher"
> > error. These are the permissions
> > on the certificate files:
> >
> > ls -l /etc/letsencrypt/archive//fullchain1.pem
> > /etc/letsencrypt/archive//privkey1.pem
> > -r. 1 root root 3546 Dec 7 11:59
> > /etc/letsencrypt/archive//fullchain1.pem
> > -r. 1 root root 1704 Dec 7 11:59
> > /etc/letsencrypt/archive//privkey1.pem
> >
> > output of openssl, dovecot -n, its current SSL settings and excerpt of
> > the log file are all below.
> >
> > openssl s_client -host MY.ACTUAL.HOSTNAME.HERE -port 993
> > CONNECTED(0003)
> > 140141825717912:error:14077410:SSL
> > routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
> > failure:s23_clnt.c:769:
> > ---
> > no peer certificate available
> > ---
> > No client certificate CA names sent
> > ---
> > SSL handshake has read 7 bytes and written 305 bytes
> > ---
> > New, (NONE), Cipher is (NONE)
> > Secure Renegotiation IS NOT supported
> > Compression: NONE
> > Expansion: NONE
> > No ALPN negotiated
> > SSL-Session:
> > Protocol : TLSv1.2
> > Cipher:
> > Session-ID:
> > Session-ID-ctx:
> > Master-Key:
> > Key-Arg : None
> > PSK identity: None
> > PSK identity hint: None
> > SRP username: None
> > Start Time: 1544521696
> > Timeout : 300 (sec)
> > Verify return code: 0 (ok)
> > ---
> >
> > current SSL dovecot settings in conf.d/10-ssl.conf
> >
> > ssl = yes
> >
> > ssl_prefer_server_ciphers = yes
> >
> > ssl_dh_parameters_length = 2048
> >
> > sl_min_protoco
Re: "no shared cypher", no matter what I try
hello, and some update
short version: the error is still there, but I have some more data to
share, thanks in advance for further advice
first, I am using Mutt 1.10.1 (2018-07-13) as mail client, so it is
not an obsolete version.
second... at the moment I can send email through postfix on the same
server, with the
same certificates (almost: I still have to fix some stuff, but is NOT
related to SSL/TLS, e.g
reverse DNS).
However, running openssl as requested returns "no peer certificate
available", and when
I connect with mutt to dovecot I still get the "no shared cipher"
error. These are the permissions
on the certificate files:
ls -l /etc/letsencrypt/archive//fullchain1.pem
/etc/letsencrypt/archive//privkey1.pem
-r. 1 root root 3546 Dec 7 11:59
/etc/letsencrypt/archive//fullchain1.pem
-r. 1 root root 1704 Dec 7 11:59
/etc/letsencrypt/archive//privkey1.pem
output of openssl, dovecot -n, its current SSL settings and excerpt of
the log file are all below.
openssl s_client -host MY.ACTUAL.HOSTNAME.HERE -port 993
CONNECTED(0003)
140141825717912:error:14077410:SSL
routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
failure:s23_clnt.c:769:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 305 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher:
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1544521696
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
current SSL dovecot settings in conf.d/10-ssl.conf
ssl = yes
ssl_prefer_server_ciphers = yes
ssl_dh_parameters_length = 2048
sl_min_protocol = TLSv1.2
ssl_cert = /fullchain1.pem
ssl_key = /privkey1.pem
ssl_cipher_list = ALL
output of dovecot -n:
# OS: Linux 3.10.0-957.1.3.el7.x86_64 x86_64 CentOS Linux release
7.6.1810 (Core) ext4
# Hostname: SERVER NAME
auth_debug = yes
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = plain
mail_location = maildir:/var/mail/mymail_storage/base/
passdb {
args = /etc/imap.v_users
driver = passwd-file
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
}
service imap-login {
inet_listener imap {
port = 0
}
inet_listener imaps {
port = 993
}
}
ssl = required
userdb {
args = /etc/imap.v_users
driver = passwd-file
}
verbose_ssl = yes
this is the error message I get by when I tried to connect with mutt:
Dec 11 08:34:26 MYSERVER dovecot: master: Dovecot v2.2.36 (1f10bfa63)
starting up for imap, pop3, lmtp (core dumps disabled)
Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: where=0x10,
ret=1: before/accept initialization [my.home.ip.address]
Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL:
where=0x2001, ret=1: before/accept initialization [my.home.ip.address]
Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL:
where=0x2002, ret=-1: SSLv2/v3 read client hello A
[my.home.ip.address]
Dec 11 08:34:34 MYSERVER dovecot: imap-login: Warning: SSL alert:
where=0x4008, ret=552: fatal handshake failure [my.home.ip.address]
Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL:
where=0x2002, ret=-1: error [my.home.ip.address]
Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL:
where=0x2002, ret=-1: error [my.home.ip.address]
Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL error:
SSL_accept() failed: error:1408A0C1:SSL
routines:ssl3_get_client_hello:
Dec 11 08:34:34 MYSERVER dovecot: imap-login: Disconnected
(disconnected before auth was ready, waited 0 secs): user=<>,
rip=my.home.ip.address, lip=my.vps.ip.address, TLS hands
haking: SSL_accept() failed: error:1408A0C1:SSL
routines:ssl3_get_client_hello:no shared cipher,
session=
Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Loading modules from
directory: /usr/lib64/dovecot/auth
Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Module loaded:
/usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so
Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Module loaded:
/usr/lib64/dovecot/auth/libdriver_sqlite.so
Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Read auth token secret
from /var/run/dovecot/auth-token-secret.dat
Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: passwd-file
/etc/imap.v_users: Read 1 users in 0 secs
"no shared cypher", no matter what I try
Greetings,
I have had to reinstall my email server on another Linux (centos 7.6)
VPS, with a newer version of dovecot, other software and a brand new
letsencrypt certificate just for email withpostfix and dovecot (that
certificate works fine with postfix). Output of dovecot --version and
dovecot -n on the new server is below.
Now, messages ARE delivered in the right IMAP mailboxes, but when I
try to connect with Mutt from my home computer, mutt says, before
prompting for a password:
gnutls_handshake: A TLS fatal alert has been received.(Handshake failed)
the corresponding output of dovecot in /var/log/maillog is below. The
gist of it **seems** to me to be the "no shared cipher" part, but I
may be wrong. In any case, I have already tried to search online for
that string, and other relevant parts of the log, without success. All
I have found is suggestions to change the values of ssl_protocols
and/or ssl_cipher_list to some non-default value, but I have tried all
those tips without success. Current values of those variables are
these:
grep -v ^# /etc/dovecot/conf.d/10-ssl.conf
ssl_cert = ,
rip=47.53.159.60, lip=116.202.20.216, TLS handshaking: SSL_accept()
failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared
cipher, session=
Dec 8 10:53:43 MYSERVERNAME dovecot: auth: Debug: Loading modules
from directory: /usr/lib64/dovecot/auth
Dec 8 10:53:43 MYSERVERNAME dovecot: auth: Debug: Module loaded:
/usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so
Dec 8 10:53:43 MYSERVERNAME dovecot: auth: Debug: Module loaded:
/usr/lib64/dovecot/auth/libdriver_sqlite.so
Dec 8 10:53:43 MYSERVERNAME dovecot: auth: Debug: Read auth token
secret from /var/run/dovecot/auth-token-secret.dat
Dec 8 10:53:43 MYSERVERNAME dovecot: auth: Debug: passwd-file
/etc/imap.v_users: Read 1 users in 0 secs
#
dovecot --version
2.2.36 (1f10bfa63)
# 2.2.36 (1f10bfa63): /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-957.1.3.el7.x86_64 x86_64 CentOS Linux release
7.6.1810 (Core) ext4
# Hostname: MYSERVERNAME
auth_debug = yes
auth_mechanisms = plain login
auth_verbose = yes
mail_location = maildir:/var/mail//base/
passdb {
args = /etc/imap.v_users
driver = passwd-file
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
}
service imap-login {
inet_listener imap {
port = 0
}
inet_listener imaps {
port = 993
}
}
ssl = required
userdb {
args = /etc/imap.v_users
driver = passwd-file
}
verbose_ssl = yes
Re: Set X-Original-To based an ORCPT?
Hi,
to get a 'Delivered-to' header based on ORCPT, I wrote a patch
(attached) to force Dovecot lmtp to advertise DSN after a LHLO command.
In this way, Postfix add an ORCPT to the RCTP command
(http://postfix.1071664.n5.nabble.com/pipe-flags-vs-lmtp-td11587.html#a11596).
Be carefully: in this way DSN notification is broken, but they were
broken in any case at the time I wrote the patch (read the entire post
linked above).
The first patch is for Dovecot 2.2.x: after apply, you cannot disable
the DSN advertisement. The other is for Dovecot 2.3.0: you can
enable/disable the advertisement using the new bool parameter
'lmtp_lhlo_dsn'.
I'm using it for the past two years, without any problem.
Thanks,
Marco
On 2018-08-07 11:48, Tom Sommer wrote:
> On 2015-09-02 22:01, Peer Heinlein wrote:
>> Since
>>
>> http://dovecot.org/pipermail/dovecot-cvs/2014-November/025241.html
>>
>> Dovecot's LMTP does support ORCPT.
>>
>> Is it possible to set X-Original-To-Header based on that ORCPT?
>
> Any news or response on this? I too am in need of this header being
> passed and saved correctly.
>
> Thanks.
>
> --
> Tom
>
--
Marco Giunta - ITCS SysAdmin
Via Bonomea, 265
34136 - Trieste, Italy
Tel: +39-040-3787-503
Fax: +39-040-3787-244
--- dovecot-2.2.24/src/lmtp/commands.c.orig 2016-04-26 15:01:21.0 +0200
+++ dovecot-2.2.24/src/lmtp/commands.c 2017-02-16 16:01:39.091220376 +0100
@@ -82,7 +82,8 @@
client_send_line(client, "250-XCLIENT ADDR PORT TTL TIMEOUT");
client_send_line(client, "250-8BITMIME");
client_send_line(client, "250-ENHANCEDSTATUSCODES");
- client_send_line(client, "250 PIPELINING");
+ client_send_line(client, "250-PIPELINING");
+ client_send_line(client, "250 DSN");
i_free(client->lhlo);
client->lhlo = i_strdup(str_c(domain));
@@ -200,6 +201,11 @@
client->state.mail_body_7bit = TRUE;
else if (strcasecmp(*argv, "BODY=8BITMIME") == 0)
client->state.mail_body_8bitmime = TRUE;
+ /* Skip unsupported DSN parameters */
+ else if (strncasecmp(*argv, "RET=", 4) == 0)
+ continue;
+ else if (strncasecmp(*argv, "ENVID=", 6) == 0)
+ continue;
else {
client_send_line(client,
"501 5.5.4 Unsupported options");
@@ -638,9 +644,12 @@
argv = t_strsplit(params, " ");
for (; *argv != NULL; argv++) {
- if (strncasecmp(*argv, "ORCPT=", 6) == 0) {
+ if (strncasecmp(*argv, "ORCPT=", 6) == 0)
rcpt->params.dsn_orcpt = parse_xtext(client, *argv + 6);
- } else {
+ /* Skip unsupported DSN parameter */
+ else if (strncasecmp(*argv, "NOTIFY=", 7) == 0)
+ continue;
+ else {
client_send_line(client, "501 5.5.4 Unsupported options");
return 0;
}
diff -up dovecot-2.3.0/src/lmtp/client.c.orig dovecot-2.3.0/src/lmtp/client.c
--- dovecot-2.3.0/src/lmtp/client.c.orig 2018-01-05 07:45:36.0 +0100
+++ dovecot-2.3.0/src/lmtp/client.c 2018-01-16 08:55:49.437006465 +0100
@@ -151,6 +151,8 @@ struct client *client_create(int fd_in,
SMTP_CAPABILITY_ENHANCEDSTATUSCODES |
SMTP_CAPABILITY_8BITMIME |
SMTP_CAPABILITY_CHUNKING;
+ if (client->lmtp_set->lmtp_lhlo_dsn)
+ lmtp_set.capabilities |= SMTP_CAPABILITY_DSN;
if (!conn->ssl && master_service_ssl_is_enabled(master_service))
lmtp_set.capabilities |= SMTP_CAPABILITY_STARTTLS;
lmtp_set.hostname = client->unexpanded_lda_set->hostname;
diff -up dovecot-2.3.0/src/lmtp/lmtp-settings.c.orig dovecot-2.3.0/src/lmtp/lmtp-settings.c
--- dovecot-2.3.0/src/lmtp/lmtp-settings.c.orig 2018-01-05 07:45:36.0 +0100
+++ dovecot-2.3.0/src/lmtp/lmtp-settings.c 2018-01-16 08:53:13.513920390 +0100
@@ -62,6 +62,7 @@ static const struct setting_define lmtp_
DEF(SET_BOOL, lmtp_proxy),
DEF(SET_BOOL, lmtp_save_to_detail_mailbox),
DEF(SET_BOOL, lmtp_rcpt_check_quota),
+ DEF(SET_BOOL, lmtp_lhlo_dsn),
DEF(SET_UINT, lmtp_user_concurrency_limit),
DEF(SET_ENUM, lmtp_hdr_delivery_address),
DEF(SET_STR_VARS, login_greeting),
@@ -74,6 +75,7 @@ static const struct lmtp_settings lmtp_d
.lmtp_proxy = FALSE,
.lmtp_save_to_detail_mailbox = FALSE,
.lmtp_rcpt_check_quota = FALSE,
+ .lmtp_lhlo_dsn = FALSE,
.lmtp_user_concurrency_limit = 0,
.lmtp_hdr_delivery_address = "final:none:original",
.login_greeting = PACKAGE_NAME" ready.",
diff -up dovecot-2.3.0/src/lmtp/lmtp-settings.h.orig dovecot-2.3.0/src/lmtp/lmtp-settings.h
--- dovecot-2.3.0/src/lmtp/lmtp-settings.h.orig 2018-01-05 07:45:36.0 +0100
+++ dovecot-2.3.0/src/lmtp/lmtp-settings.h 2018-01-16 08:57:18.505887547 +0100
@@ -16,6 +16,7 @@ struct lmtp_settings {
bool lmtp_proxy;
bool lmtp_save_to_detail_mailbox;
bool lmtp_rcpt_check_quota;
+ bool lmtp_lhlo_dsn;
unsigned int lmtp_user_concurrency_limit;
const char *lmtp_hdr_delivery_address;
const char *login_greeting;
Re: Shared mailboxes, index files and 'per-user-seen' flags
Hi Thomas,
it is a known problem:
https://www.dovecot.org/pipermail/dovecot/2018-February/111057.html
Try the solution suggested in above mail; it works for me.
Thanks,
Marco
On 2018-06-06 13:53, Thomas Robers wrote:
> Hello,
>
> i have a dovecot server version 2.3.1 under CentOS 6.9 and we're
> using shared mailboxes with index files shared. With this configuration
> I can see a lot of error messages like:
>
> Jun 6 13:20:31 mail dovecot: Error: imap(us...@tutech.de)<4513>
> : /export/home/imap/us...@tutech.de/shared
> /us...@tutech.de/folder/dovecot.index.pvt view is inconsistent
>
> In 10-mail.conf the location setting is:
>
> location = maildir:%%h/Maildir:INDEXPVT=%h/shared/%%u
>
> I thought setting the index files to "not shared" might help to
> get rid of the errors, so I changed the setting to:
>
> location = maildir:%%h/Maildir:INDEX=%h/shared/%%u:INDEXPVT=%h
> /shared/%%u
>
> like it's mentioned in the Dovecot wiki. But that doesn't work as
> I expected, because the 'per-user-seen' flags do not work correctly
> anymore, i think. If UserA, who has UserB as shared mailbox,
> changes the seen flags of UserBs INBOX, UserBs seen flags are also
> changed. The other way, if UserB changes seen flags in his INBOX
> they are not changed in the shared view of UserA. Is this the
> supposed way to work or do i have an error in the configuration?
>
> Any help is appreciated.
>
> Thanks, Thomas.
>
> Here's my currently used configuration:
>
> # 2.3.1 (c5a5c0c82): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.devel (61b47828)
> # OS: Linux 2.6.32-696.23.1.el6.x86_64 x86_64 CentOS release 6.9 (Final)
> ext4
> # Hostname: mail.tutech.de
> auth_master_user_separator = *
> auth_mechanisms = plain login
> auth_verbose = yes
> disable_plaintext_auth = no
> doveadm_password = # hidden, use -P to show it
> doveadm_port = 12345
> imap_max_line_length = 2 M
> mail_debug = yes
> mail_location = maildir:/export/home/imap/%Lu/Maildir
> mail_plugins = acl zlib mail_log notify
> mail_prefetch_count = 1
> mailbox_idle_check_interval = 10 secs
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope
> encoded-character vacation subaddress comparator-i;ascii-numeric
> relational regex imap4flags copy include variables body enotify
> environment mailbox date index ihave duplicate mime foreverypart
> extracttext
> namespace {
> hidden = no
> ignore_on_failure = no
> inbox = no
> list = children
> location = maildir:%%h/Maildir:INDEXPVT=%h/shared/%%u
> prefix = shared/%%u/
> separator = /
> subscriptions = yes
> type = shared
> }
> namespace inbox {
> hidden = no
> inbox = yes
> list = yes
> location =
> mailbox Drafts {
> special_use = \Drafts
> }
> mailbox Junk {
> special_use = \Junk
> }
> mailbox Sent {
> special_use = \Sent
> }
> mailbox "Sent Messages" {
> special_use = \Sent
> }
> mailbox Trash {
> special_use = \Trash
> }
> prefix = INBOX/
> separator = /
> type = private
> }
>
> passdb {
> args = /etc/dovecot/master-users
> driver = passwd-file
> master = yes
> }
> passdb {
> args = /etc/dovecot/dovecot-ldap.conf.ext
> driver = ldap
> }
> plugin {
> acl = vfile:/etc/dovecot/global-acls:cache_secs=300
> acl_shared_dict = file:/export/home/shared-db/shared-mailboxes
> mail_log_events = append delete undelete expunge copy mailbox_delete
> mailbox_rename flag_change
> mail_log_fields = uid box msgid size from flags
> mail_replica = tcp:mail2.tutech.de
> sieve = ~/.dovecot.sieve
> sieve_dir = ~/sieve
> sieve_global = /var/lib/dovecot/sieve/global/
> sieve_user_log = ~/.dovecot.sieve.log
> zlib_save = gz
> zlib_save_level = 6
> }
> protocols = imap pop3 lmtp sieve sieve
> service aggregator {
> fifo_listener replication-notify-fifo {
> mode = 0666
> user = vmail
> }
> unix_listener replication-notify {
> mode = 0666
> user = vmail
> }
> }
> service auth {
> unix_listener /var/spool/postfix/private/auth {
> mode = 0666
> }
> unix_listener auth-userdb {
> group = vmail
> mode = 0660
> user = vmail
> }
> }
> service config {
> unix_listener config {
> user = vmail
> }
> }
> service doveadm {
> inet_listener {
> port = 12345
> }
> user = vmail
> }
> service imap-login {
> inet_listener imaps {
> port = 993
> ssl = yes
> }
> process_limit = 500
> process_min_avail = 20
> }
&g
Re: dovecot.index.pvt reset, view is now inconsistent
Fun, I didn't read your message yesterday, but today I send an email like yours !!! Cheers, Marco On 2018-02-27 19:02, Rupert Gallagher wrote: Problem solved by going in manually. The log message appears for empty "public" folders. Say, you have a folder X with subfolder Y, where X does not contain any e-mail. The log message disappears if you drop an email into X, then remove it. Puf, gone! So, there seems to be a baby bug in how dovecot manages the index in this case. -- Marco Giunta - ITCS SysAdmin Via Bonomea, 265 34136 - Trieste, Italy Tel: +39-040-3787-503 Fax: +39-040-3787-244
BUG: Error: dovecot.index.pvt reset, view is now inconsistent when shared folder is new and empty
Hi,
I'm using Dovecot 2.2.33.2 on a RHEL 7, new installation. My log is full
of :
Error: INDEX_FOLDER/dovecot.index.pvt reset, view is now inconsistent
or
Error: INDEX_FOLDER/dovecot.index.pvt view is inconsistent
when shared folder is never touched and empty.
UserA share X folder with UserB, if X folder is new (never
touched) and empty every time UserB looks in that folder, an error
appears in log file. If UserA copy a mail in X folder, no more
errors. If UserA (or UserB) delete all mails in X folder (the folder
is empty again), no more errors.
So the errors appear when UserB access a new (never touched) shared
empty folder; if the folder is empty, but not new (p.e. UserA has
already copied and deleted mails in that folder) error is logged only once.
Attached my configuration.
Thanks,
Marco
--
Marco Giunta - ITCS SysAdmin
Via Bonomea, 265
34136 - Trieste, Italy
Tel: +39-040-3787-503
Fax: +39-040-3787-244
# 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.21 (92477967)
# OS: Linux 3.10.0-693.17.1.el7.x86_64 x86_64 CentOS Linux release 7.4.1708
(Core)
auth_debug = yes
auth_master_user_separator = *
auth_mechanisms = plain login
auth_username_format = %Ln
auth_verbose = yes
auth_verbose_passwords = sha1:6
doveadm_password = # hidden, use -P to show it
doveadm_port = 26001
first_valid_uid = 200
hostname = hostname.example.com
imap_client_workarounds = delay-newmail
imapc_features = rfc822.size fetch-headers
imapc_host = hostname.example.com
imapc_master_user = dovesuper
imapc_password = # hidden, use -P to show it
imapc_user = %u
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
lda_original_recipient_header = Delivered-To
listen = *
lmtp_hdr_delivery_address = original
lmtp_rcpt_check_quota = yes
login_trusted_networks = 10.0.0.0/30 10.0.0.0/30 10.0.0.0/23
mail_fsync = always
mail_gid = vmail
mail_home = /srv/mail/%1n/%n
mail_location =
mdbox:~/dbox:ALT=/srv/archives/%1n/%n/dbox:INDEX=/srv/indexes/%1n/%n:VOLATILEDIR=/var/tmp/dovecot-volatile/%1n/%n
mail_plugins = acl mailbox_alias quota fts fts_solr
mail_prefetch_count = 20
mail_server_admin = mailto:postmas...@example.com
mail_shared_explicit_inbox = yes
mail_uid = vmail
mailbox_list_index = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date index ihave duplicate
mime foreverypart extracttext vacation-seconds spamtest spamtestplus editheader
imapflags notify
mbox_write_locks = fcntl
mdbox_rotate_interval = 1 days
mdbox_rotate_size = 64 M
mmap_disable = yes
namespace inbox {
inbox = yes
location =
mailbox Archives {
auto = subscribe
special_use = \Archive
}
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Junk {
auto = subscribe
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
separator = /
}
namespace others {
list = children
location =
mdbox:%%h/dbox:ALT=/srv/archives/%%1n/%%n/dbox:INDEX=/srv/indexes/%%1n/%%n:INDEXPVT=/srv/indexes/%1n/%n/shared/%%n:VOLATILEDIR=/var/tmp/dovecot-volatile/%1n/%n/shared/%%n
prefix = Other Users/%%n/
separator = /
subscriptions = no
type = shared
}
passdb {
args = /etc/dovecot/passwd.masterusers
default_fields = userdb_master_user=%{login_user}
driver = passwd-file
master = yes
pass = yes
}
passdb {
args = /etc/dovecot/dovecot-ldap.conf.masterusers.acl
default_fields = userdb_acl_defaults_from_inbox=yes
userdb_mail=mdbox:/srv/mail/%1{login_user}/%{login_user}/dbox:ALT=/srv/archives/%1{login_user}/%{login_user}/dbox:INDEX=/srv/indexes/%1{login_user}/%{login_user}:INDEXPVT=/srv/indexes/%1n/%n/master/%{login_user}:VOLATILEDIR=/var/tmp/dovecot-volatile/%1n/%n/master/%{login_user}
driver = ldap
master = yes
pass = yes
}
passdb {
args = /etc/dovecot/dovecot-ldap.conf.masterusers.noacl
default_fields = userdb_master_user=%{login_user}
userdb_mail=mdbox:/srv/mail/%1{login_user}/%{login_user}/dbox:ALT=/srv/archives/%1{login_user}/%{login_user}/dbox:INDEX=/srv/indexes/%1{login_user}/%{login_user}:INDEXPVT=/srv/indexes/%1n/%n/master/%{login_user}:VOLATILEDIR=/var/tmp/dovecot-volatile/%1n/%n/master/%{login_user}
driver = ldap
master = yes
pass = yes
}
passdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
plugin {
acl = vfile:/srv/shared/dovecot/global-acls:cache_secs=300
acl_shared_dict = fs:posix:prefix=/srv/shared/dovecot/shared-acls/
fts = solr
fts_autoindex = yes
fts_autoindex_max_recent_msgs = 20
fts_index_timeout = 60
fts_solr = url=http://localhost:8983/solr/dovecot/
last_login_dict = fs:posix:prefix=~/
last_login_key = lastlogin
mail_log_events = delete undelete expunge copy mailbox_delete
deny passdb match messages logged only with auth_verbose=yes
Hi at all, using deny passwd to restrict IMAP/POP3 access (https://wiki.dovecot.org/Authentication/RestrictAccess), I get deny passdb match messages: Feb 13 16:09:33 server-02 dovecot: auth: passwd-file(USERNAME,10.10.10.46,<9hzaYRllbsCTehgu>): User found from deny passdb only with auth_verbose=yes, sets global or defined in passdb block. But if I set auth_verbose=yes, for every user not present in passwd-file, Dovecot logs: Feb 13 16:09:57 server-02 dovecot: auth: passwd-file(USERNAME,10.10.10.46,<9hzaYRllbsCTehgu>): unknown user I know that if the account does not exist in the first passdb (deny passdb), then the error occur, even if it exists in the other passdb. This is normal, but auth_verbose shouldn't be used only to " Log unsuccessful authentication attempts and the reasons why they failed." ?? Again, I'm not a programmer, but 'auth_request_log_info' function in 'https://github.com/dovecot/core/blob/release-2.2.33/src/auth/auth-request.c' seems to log events only when 'auth_verbose=yes'. Is there another way to get deny passdb match messages, without enable verbose log ? Thanks, Marco -- Marco Giunta - ITCS SysAdmin Via Bonomea, 265 34136 - Trieste, Italy Tel: +39-040-3787-503 Fax: +39-040-3787-244
Re: BUG: panic when using fs:posix as dict for acl_shared_dict
On 2018-02-07 13:23, Aki Tuomi wrote: Maybe you can use sqlite3 instead as workaround? Ok, I've done what you suggested; I had some permissions problems on sqlite file/directory, but now it seems to work. Thanks for your advice, Marco -- Marco Giunta - ITCS SysAdmin Via Bonomea, 265 34136 - Trieste, Italy Tel: +39-040-3787-503 Fax: +39-040-3787-244
Re: BUG: panic when using fs:posix as dict for acl_shared_dict
On 2018-02-07 13:23, Aki Tuomi wrote: Maybe you can use sqlite3 instead as workaround? Ok, I try it and let you know. Thanks, Marco -- Marco Giunta - ITCS SysAdmin Via Bonomea, 265 34136 - Trieste, Italy Tel: +39-040-3787-503 Fax: +39-040-3787-244
BUG: panic when using fs:posix as dict for acl_shared_dict
Hi,
I'm using Dovecot 2.2.33.2 on a RHEL 7, new installation. When I use
fs:posix as dict for acl_shared_dict, like in Dovecot wiki
(https://wiki.dovecot.org/SharedMailboxes/ClusterSetup), doveadm-server
crash with error:
# doveadm acl set -u USERNAME FOLDER user=DEST_USERNAME lookup read
write-seen
doveadm(USERNAME): Panic: file dict-fs.c: line 127
(fs_dict_iterate_init): assertion failed: ((flags &
DICT_ITERATE_FLAG_RECURSE) == 0)
doveadm(USERNAME): Error: Raw backtrace:
/usr/lib64/dovecot/libdovecot.so.0(+0x9f3de) [0x7f0e4a4b23de] ->
/usr/lib64/dovecot/libdovecot.so.0(default_fatal_handler+0x2a)
[0x7f0e4a4b244a] -> /usr/lib64/dovecot/libdovecot.so.0(i_fatal+0)
[0x7f0e4a44377c] -> /usr/lib64/dovecot/libdovecot.so.0(+0x31688)
[0x7f0e4a444688] ->
/usr/lib64/dovecot/libdovecot.so.0(dict_iterate_init_multiple+0x4d)
[0x7f0e4a47cadd] ->
/usr/lib64/dovecot/libdovecot.so.0(dict_iterate_init+0x29)
[0x7f0e4a47cb89] ->
/usr/lib64/dovecot/lib01_acl_plugin.so(acl_lookup_dict_rebuild+0x3e1)
[0x7f0e49a40371] ->
/usr/lib64/dovecot/lib01_acl_plugin.so(acl_backend_vfile_acllist_rebuild+0x488)
[0x7f0e49a3dd18] ->
/usr/lib64/dovecot/lib01_acl_plugin.so(acl_backend_vfile_object_update+0x3c7)
[0x7f0e49a3e867] ->
/usr/lib64/dovecot/lib01_acl_plugin.so(acl_mailbox_update_acl+0x68)
[0x7f0e49a41e28] ->
/usr/lib64/dovecot/doveadm/lib10_doveadm_acl_plugin.so(+0x2c11)
[0x7f0e48da1c11] ->
/usr/lib64/dovecot/doveadm/lib10_doveadm_acl_plugin.so(+0x3060)
[0x7f0e48da2060] -> doveadm(+0x2b41c) [0x556f1280b41c] ->
doveadm(+0x2c01a) [0x556f1280c01a] ->
doveadm(doveadm_cmd_ver2_to_mail_cmd_wrapper+0x23b) [0x556f1280ce7b] ->
doveadm(doveadm_cmd_run_ver2+0x50c) [0x556f1281c73c] ->
doveadm(doveadm_cmd_try_run_ver2+0x37) [0x556f1281c7d7] ->
doveadm(main+0x1e4) [0x556f127fb944] ->
/lib64/libc.so.6(__libc_start_main+0xf5) [0x7f0e4a071c05] ->
doveadm(+0x1bd35) [0x556f127fbd35]
Aborted
Attached coredump and configuration.
I'm not a programmer, but seems that assert is raised by
'fs_dict_iterate_init' function inside 'src/lib-dict-extra/dict-fs.c':
static struct dict_iterate_context *
fs_dict_iterate_init(struct dict *_dict, const char *const *paths,
enum dict_iterate_flags flags)
{
...
/* these flags are not supported for now */
i_assert((flags & DICT_ITERATE_FLAG_RECURSE) == 0);
...
because it is called by 'acl_lookup_dict_iterate_read' function in file
'src/plugins/acl/acl-lookup-dict.c'
static void acl_lookup_dict_iterate_read(struct acl_lookup_dict_iter *iter)
{
...
dict_iter = dict_iterate_init(iter->dict->dict, prefix,
DICT_ITERATE_FLAG_RECURSE);
...
with DICT_ITERATE_FLAG_RECURSE set.
Same problem also with Dovecot 2.3.0.
Thanks,
Marco
--
Marco Giunta - ITCS SysAdmin
Via Bonomea, 265
34136 - Trieste, Italy
Tel: +39-040-3787-503
Fax: +39-040-3787-244
# 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.21 (92477967)
# OS: Linux 3.10.0-693.17.1.el7.x86_64 x86_64 CentOS Linux release 7.4.1708
(Core)
auth_debug = yes
auth_master_user_separator = *
auth_mechanisms = plain login
auth_username_format = %Ln
auth_verbose = yes
auth_verbose_passwords = sha1:6
doveadm_password = # hidden, use -P to show it
doveadm_port = 26001
first_valid_uid = 200
hostname = hostname.example.com
imap_client_workarounds = delay-newmail
imapc_features = rfc822.size fetch-headers
imapc_host = hostname.example.com
imapc_master_user = dovesuper
imapc_password = # hidden, use -P to show it
imapc_user = %u
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
lda_original_recipient_header = Delivered-To
listen = *
lmtp_hdr_delivery_address = original
lmtp_rcpt_check_quota = yes
login_trusted_networks = 10.0.0.0/30 10.0.0.0/30 10.0.0.0/23
mail_fsync = always
mail_gid = vmail
mail_home = /srv/mail/%1n/%n
mail_location =
mdbox:~/dbox:ALT=/srv/archives/%1n/%n/dbox:INDEX=/srv/indexes/%1n/%n:VOLATILEDIR=/var/tmp/dovecot-volatile/%1n/%n
mail_plugins = acl mailbox_alias quota fts fts_solr
mail_prefetch_count = 20
mail_server_admin = mailto:postmas...@example.com
mail_shared_explicit_inbox = yes
mail_uid = vmail
mailbox_list_index = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date index ihave duplicate
mime foreverypart extracttext vacation-seconds spamtest spamtestplus editheader
imapflags notify
mbox_write_locks = fcntl
mdbox_rotate_interval = 1 days
mdbox_rotate_size = 64 M
mmap_disable = yes
namespace inbox {
inbox = yes
location =
mailbox Archives {
auto = subscribe
special_use = \Archive
}
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Junk {
auto = subscribe
special_use =
Re: Re: Bug in dovecot 2.3 virtual plugin
Hi, did you have time to investigate about 'Panic: file unichar.c' bug ? Because I have the same problem with a 2.3.0 installation without virtual plugin. Thanks, Marco On 2018-01-03 16:52, Aki Tuomi wrote: This is not a bug in virtual plugin, but in some email which contains invalid unicode sequence somehow. Can you send me a core file? This should not have occured ofc but would be nice to know how it ended up here. Aki On January 3, 2018 at 5:35 PM Jakobus Schürz <wertsto...@nurfuerspam.de> wrote: Hi there! I compiled dovecot 2.3 from git. Because there is already a bug in virtual-plugin, and i hoped, it get fixed... but it doesn't. So this is the error-message from the log Jän 03 16:27:08 aldebaran dovecot[26460]: indexer-worker(jakob)<26476><qQ6g1+BhIJvAqAAO:sjYhMTH2TFpsZwAAk1Mx3g>: Panic: file unichar.c: line 160 (uni_ucs4_to_utf8_c): assertion failed: (uni_is_valid_ucs4(chr)) Jän 03 16:27:08 aldebaran dovecot[26460]: indexer-worker(jakob)<26476><qQ6g1+BhIJvAqAAO:sjYhMTH2TFpsZwAAk1Mx3g>: Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7f8299f7a021] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed) [0x7f8299f7a0ed] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f8299eec481] -> /usr/local/lib/dovecot/libdovecot.so.0(uni_ucs4_to_utf8_c+0xa0) [0x7f8299fb1500] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xa75e0) [0x7f8299f5b5e0] -> /usr/local/lib/dovecot/libdovecot.so.0(mail_html2text_more+0xc5) [0x7f8299f5b775] -> /usr/local/lib/dovecot/lib20_fts_plugin.so(+0xcfcc) [0x7f82990aefcc] -> /usr/local/lib/dovecot/lib20_fts_plugin.so(fts_parser_more+0x27) [0x7f82990aeca7] -> /usr/local/lib/dovecot/lib20_fts_plugin.so(fts_build_mail+0x5e9) [0x7f82990acc39] -> /usr/local/lib/dovecot/lib20_fts_plugin.so(+0x1122d) [0x7f82990b322d] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x916a) [0x7f82958e316a] -> /usr/local/lib/dovecot/lib20_fts_plugin.so(+0x10f5d) [0x7f82990b2f5d] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x916a) [0x7f82958e316a] -> /usr/local/lib/dovecot/lib20_fts_plugin.so(+0x10f5d) [0x7f82990b2f5d] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mail_precache+0x2e) [0x7f829a2641be] -> dovecot/indexer-worker [jakob Synoptic/AKTUELL](+0x2533) [0x562227882533] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69) [0x7f8299f91bf9] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x109) [0x7f8299f93499] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) [0x7f8299f91d02] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f8299f91f18] -> /usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f8299f0f1e3] -> dovecot/indexer-worker [jakob Synoptic/AKTUELL](main+0xe7) [0x562227881f47] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1) [0x7f8299b352b1] -> dovecot/indexer-worker [jakob Synoptic/AKTUELL](_start+0x2a) [0x56222788201a] Jän 03 16:27:08 aldebaran dovecot[26460]: indexer: Error: Indexer worker disconnected, discarding 1 requests for jakob Jän 03 16:27:08 aldebaran dovecot[26460]: imap(jakob)<26472><qQ6g1+BhIJvAqAAO>: Error: indexer failed to index mailbox Synoptic/AKTUELL Jän 03 16:27:08 aldebaran dovecot[26460]: indexer-worker(jakob)<26476><qQ6g1+BhIJvAqAAO:sjYhMTH2TFpsZwAAk1Mx3g>: Fatal: master: service(indexer-worker): child 26476 killed with signal 6 (core dumps disabled) Jän 03 16:27:09 aldebaran dovecot[26460]: indexer-worker(jakob)<26484><qQ6g1+BhIJvAqAAO:J6mUIEz2TFp0ZwAAk1Mx3g>: Error: lucene index /var/lib/dovecot/db/indexes/Maildir/jakob/lucene-indexes: IndexWriter() failed (#1): Lock obtain timed out Jän 03 16:27:10 aldebaran dovecot[26460]: indexer-worker(jakob)<26484><qQ6g1+BhIJvAqAAO:J6mUIEz2TFp0ZwAAk1Mx3g>: Error: Mailbox Synoptic/AKTUELL: Transaction commit failed: BUG: Unknown internal error (attempted to index 1488 messages (UIDs 15214..16775)) Jän 03 16:27:10 aldebaran dovecot[26460]: imap(jakob)<26480>: Error: indexer failed to index mailbox Synoptic/AKTUELL Jän 03 16:27:11 aldebaran dovecot[26460]: imap(jakob)<26472><qQ6g1+BhIJvAqAAO>: Panic: file mail-index.c: line 793 (mail_index_close): assertion failed: (index->open_count > 0) Jän 03 16:27:11 aldebaran dovecot[26460]: imap(jakob)<26472><qQ6g1+BhIJvAqAAO>: Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7fb0fbd3a021] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed) [0x7fb0fbd3a0ed] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fb0fbcac481] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xf39a8) [0x7fb0fc0d99a8] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xd92d1) [0x7fb0fc0bf2d1] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xd9363) [0x7fb0fc0bf363] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_mailbox_free+0
Re: Dovecot 2.3.0, Panic: file mailbox-attribute.c: line 362 (mailbox_attribute_get_stream): assertion failed: (value_r->value != NULL || value_r->value_stream != NULL)
Hi, If I downgrade to Dovecot 2.2.33.2, there are no problems to sync users with ACL Thanks, Marco On 2018-02-02 14:39, Marco Giunta wrote: Hi at all, I have a RHEL7 server with Dovecot 2.3.0 (new installation). I've a problem when trying to dsync from a Dovecot 2.2.24 server. If I try to sync any user with a folder with ACL, dsycn crash with panic: Source server: dsync-local(USERNAME): Debug: sieve: file storage: sync: Synchronization active dovecot: dsync-local(USERNAME): Debug: acl vfile: reading file /var/spool/mail/U/USERNAME/dovecot-acl dsync-local(USERNAME): Error: read(DEST_SERVER.example.com) failed: EOF (last sent=mail_change (EOL), last recv=mailbox) Destination server: Feb 2 14:15:23 DEST_SERVER dovecot: dsync-server(USERNAME): Panic: file mailbox-attribute.c: line 362 (mailbox_attribute_get_stream): assertion failed: (value_r->value != NULL || value_r->value_stream != NULL) Feb 2 14:15:23 DEST_SERVER dovecot: dsync-server(USERNAME): Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0xc8cc4) [0x7fa861bc0cc4] -> /usr/lib64/dovecot/libdovecot.so.0(+0xc8d7e) [0x7fa861bc0d7e] -> /usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x7fa861b34190] -> /usr/lib64/dovecot/libdovecot-storage.so.0(+0x55cbc) [0x7fa861ec1cbc] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](dsync_mailbox_import_attribute+0x4d) [0x55b9d4ce215d] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](dsync_brain_sync_mails+0x2ef) [0x55b9d4cddbdf] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](dsync_brain_run+0x2b0) [0x55b9d4cd93e0] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](+0x43a10) [0x55b9d4cd9a10] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](+0x5837f) [0x55b9d4cee37f] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x65) [0x7fa861bd82b5] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x10f) [0x7fa861bd9b5f] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) [0x7fa861bd83b2] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7fa861bd85d8] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](+0x28369) [0x55b9d4cbe369] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](+0x29c07) [0x55b9d4cbfc07] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](+0x3f969) [0x55b9d4cd5969] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x65) [0x7fa861bd82b5] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x10f) [0x7fa861bd9b5f] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) [0x7fa861bd83b2] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7fa861bd85d8] -> /usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7fa861b56b23] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](main+0x1b6) [0x55b9d4cb0536] -> /lib64/libc.so.6(__libc_start_main+0xf5) [0x7fa861756c05] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](+0x1a5f5) [0x55b9d4cb05f5] Feb 2 14:15:23 DEST_SERVER dovecot: dsync-server(USERNAME): Fatal: master: service(doveadm): child 2149 killed with signal 6 (core dumped) Coredump and configuration attached. On source server I run this command: # doveadm -D backup -f -u USERNAME -x 'Archives*' tcp:DEST_SERVER.example.com but same panic if try to sync from destination server: # doveadm -D backup -fR -u USERNAME -x 'Archives*' tcp:SOURCE_SERVER.example.com Same panic also syncing any user with acl and using different acl_shared_dict (file or fs:posix) in dovecot configuration. Thanks, Marco -- Marco Giunta - ITCS SysAdmin Via Bonomea, 265 34136 - Trieste, Italy Tel: +39-040-3787-503 Fax: +39-040-3787-244
Dovecot 2.3.0, Panic: file mailbox-attribute.c: line 362 (mailbox_attribute_get_stream): assertion failed: (value_r->value != NULL || value_r->value_stream != NULL)
Hi at all, I have a RHEL7 server with Dovecot 2.3.0 (new installation). I've a problem when trying to dsync from a Dovecot 2.2.24 server. If I try to sync any user with a folder with ACL, dsycn crash with panic: Source server: dsync-local(USERNAME): Debug: sieve: file storage: sync: Synchronization active dovecot: dsync-local(USERNAME): Debug: acl vfile: reading file /var/spool/mail/U/USERNAME/dovecot-acl dsync-local(USERNAME): Error: read(DEST_SERVER.example.com) failed: EOF (last sent=mail_change (EOL), last recv=mailbox) Destination server: Feb 2 14:15:23 DEST_SERVER dovecot: dsync-server(USERNAME): Panic: file mailbox-attribute.c: line 362 (mailbox_attribute_get_stream): assertion failed: (value_r->value != NULL || value_r->value_stream != NULL) Feb 2 14:15:23 DEST_SERVER dovecot: dsync-server(USERNAME): Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0xc8cc4) [0x7fa861bc0cc4] -> /usr/lib64/dovecot/libdovecot.so.0(+0xc8d7e) [0x7fa861bc0d7e] -> /usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x7fa861b34190] -> /usr/lib64/dovecot/libdovecot-storage.so.0(+0x55cbc) [0x7fa861ec1cbc] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](dsync_mailbox_import_attribute+0x4d) [0x55b9d4ce215d] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](dsync_brain_sync_mails+0x2ef) [0x55b9d4cddbdf] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](dsync_brain_run+0x2b0) [0x55b9d4cd93e0] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](+0x43a10) [0x55b9d4cd9a10] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](+0x5837f) [0x55b9d4cee37f] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x65) [0x7fa861bd82b5] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x10f) [0x7fa861bd9b5f] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) [0x7fa861bd83b2] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7fa861bd85d8] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](+0x28369) [0x55b9d4cbe369] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](+0x29c07) [0x55b9d4cbfc07] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](+0x3f969) [0x55b9d4cd5969] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x65) [0x7fa861bd82b5] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x10f) [0x7fa861bd9b5f] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) [0x7fa861bd83b2] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7fa861bd85d8] -> /usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7fa861b56b23] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](main+0x1b6) [0x55b9d4cb0536] -> /lib64/libc.so.6(__libc_start_main+0xf5) [0x7fa861756c05] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](+0x1a5f5) [0x55b9d4cb05f5] Feb 2 14:15:23 DEST_SERVER dovecot: dsync-server(USERNAME): Fatal: master: service(doveadm): child 2149 killed with signal 6 (core dumped) Coredump and configuration attached. On source server I run this command: # doveadm -D backup -f -u USERNAME -x 'Archives*' tcp:DEST_SERVER.example.com but same panic if try to sync from destination server: # doveadm -D backup -fR -u USERNAME -x 'Archives*' tcp:SOURCE_SERVER.example.com Same panic also syncing any user with acl and using different acl_shared_dict (file or fs:posix) in dovecot configuration. Thanks, Marco -- Marco Giunta - ITCS SysAdmin Via Bonomea, 265 34136 - Trieste, Italy Tel: +39-040-3787-503 Fax: +39-040-3787-244 # 2.3.0 (c8b89eb): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.0.1 (d33dca2) # OS: Linux 3.10.0-693.17.1.el7.x86_64 x86_64 CentOS Linux release 7.4.1708 (Core) auth_master_user_separator = * auth_mechanisms = plain login auth_username_format = %Ln auth_verbose = yes auth_verbose_passwords = sha1:6 doveadm_password = # hidden, use -P to show it doveadm_port = 26001 first_valid_uid = 200 hostname = server-02.example.com imap_client_workarounds = delay-newmail imapc_features = rfc822.size fetch-headers imapc_host = posta-01.example.com imapc_master_user = dovesuper imapc_password = # hidden, use -P to show it imapc_user = %u lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes lda_original_recipient_header = Delivered-To listen = * lmtp_hdr_delivery_address = original lmtp_lhlo_dsn = yes lmtp_rcpt_check_quota = yes login_trusted_networks = 10.0.0.172/30 10.0.0.212/30 10.0.0.0/23 mail_fsync = always mail_gid = vmail mail_home = /srv/mail/%1n/%n mail_location = mdbox:~/dbox:ALT=/srv/archives/%1n/%n/
Re: [BUG] dovecot 2.3.0 - service(lmtp) killed with signal 11 when user is overquota
On 2018-01-18 08:01, Aki Tuomi wrote: Hi! This is fixed with https://github.com/dovecot/core/commit/2bf919786518d138cc07d9cc21e14ad5e07e5e56.patch Aki Tuomi yes, it works. Thanks, Marco --
[BUG] dovecot 2.3.0 - service(lmtp) killed with signal 11 when user is overquota
Hi,
I'm using dovecot 2.3.0 installed on a new CentOS 7.4 with rpm from
Dovecot repo. When I use LMTP to deliver an email to an overquota user,
lmtp service hangs with a segfault:
Jan 17 13:39:45 server-02.example.com kernel: lmtp[5099]: segfault at 0
ip 563599e372c2 sp 7ffeaa4fdc80 error 4 in lmtp[563599e31000+b000]
Jan 17 13:39:45 server-02.example.com dovecot[5089]: lmtp(5099): Fatal:
master: service(lmtp): child 5099 killed with signal 11 (core dumped)
If I try to deliver a mail with 'dovecot-lda' on the same overquota
user, email was rejected, as expected:
Jan 17 13:38:26 server-02.example.com dovecot[6773]:
lda(USERNAME)<6773>: Debug: Mailbox stdin:
Opened mail UID=1 because: copying
Jan 17 13:38:26 server-02.example.com dovecot[6773]:
lda(USERNAME)<6773>: msgid=unspecified: save
failed to INBOX: Quota exceeded (mailbox for user is full)
Jan 17 13:38:26 server-02.example.com dovecot[6773]:
lda(USERNAME)<6773>: msgid=unspecified:
rejected: Quota exceeded (mailbox for user is full)
Jan 17 13:38:26 server-02.example.com dovecot[6773]:
lda(USERNAME)<6773>: msgid=: Return-Path
missing, rejection reason: Quota exceeded (mailbox for user is full)
If user is no more overquota, LTMP delivery works:
Jan 17 14:13:16 server-02.example.com dovecot[8651]:
lmtp(usern...@example.com)<8665>: Debug: Mailbox
: Opened mail UID=1 because: copying
Jan 17 14:13:16 server-02.example.com dovecot[8651]:
lmtp(usern...@example.com)<8665>: Debug: INBOX:
Mailbox opened because: quota count
Jan 17 14:13:16 server-02.example.com dovecot[8651]:
lmtp(usern...@example.com)<8665>: sieve:
msgid=<151619479629.10128.16766154794856971...@client.example.com>:
stored mail into mailbox 'INBOX'
Attached my dovecot configuration and a backtrace from gdb.
Thanks,
Marco
--
#0 lmtp_local_rcpt_reply_overquota (rcpt=rcpt@entry=0x55ee1015b400,
error=0x55ee101835c0 "Quota exceeded (mailbox for user is full)") at
lmtp-local.c:136
address =
lda_set =
#1 0x55ee0dff5652 in lmtp_local_rcpt_check_quota (rcpt=0x55ee1015b400) at
lmtp-local.c:231
box = 0x55ee10176ef8
status = {messages = 0, recent = 0, unseen = 0, uidvalidity = 0,
uidnext = 0, first_unseen_seq = 0, first_recent_uid = 0, last_cached_seq = 0,
highest_modseq = 0,
highest_pvt_modseq = 0, keywords = 0x0, permanent_flags = 0, flags =
0, permanent_keywords = false, allow_new_keywords = false, nonpermanent_modseqs
= false,
no_modseq_tracking = false, have_guids = true, have_save_guids =
true, have_only_guid128 = false}
mail_error = MAIL_ERROR_NOQUOTA
ret =
client =
address = 0x55ee10150770
user = 0x55ee101613e8
ns =
error = 0x55ee101835c0 "Quota exceeded (mailbox for user is full)"
#2 lmtp_local_rcpt_anvil_finish (rcpt=rcpt@entry=0x55ee1015b400) at
lmtp-local.c:287
cmd = 0x55ee10150638
#3 0x55ee0dff5bf8 in lmtp_local_rcpt (client=client@entry=0x55ee10135aa8,
cmd=cmd@entry=0x55ee10150638, data=data@entry=0x55ee10150728,
username=,
detail=0x7f6aa397e4c8 "") at lmtp-local.c:400
conn =
address = 0x55ee10150770
trans =
rcpt = 0x55ee1015b400
input = {parent_event = 0x0, module = 0x55ee0dff7dc3 "lmtp", service =
0x55ee0dff7dc3 "lmtp", username = 0x55ee100f4210 "usern...@example.com",
session_id = 0x55ee10150af0 "pWtqHtE7X1rqEwAASpDaHg",
session_id_prefix = 0x0, session_create_time = 0, local_ip = {family = 2, u =
{ip6 = {__in6_u = {
__u6_addr8 = "\223z\v\205", '\000' ,
__u6_addr16 = {31379, 34059, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {2232122003, 0,
0, 0}}}, ip4 = {
s_addr = 2232122003}}}, remote_ip = {family = 2, u = {ip6 =
{__in6_u = {__u6_addr8 = "\223z\030.", '\000' , __u6_addr16 =
{31379, 11800,
0, 0, 0, 0, 0, 0}, __u6_addr32 = {773356179, 0, 0, 0}}},
ip4 = {s_addr = 773356179}}}, local_port = 24, remote_port = 47292,
userdb_fields = 0x0,
Missing separate debuginfos, use: debuginfo-install
cyrus-sasl-lib-2.1.26-21.el7.x86_64 dovecot-pigeonhole-2.3.0-4.x86_64
glibc-2.17-196.el7_4.2.x86_64 keyutils-libs-1.5.8-3.el7.x86_64
krb5-libs-1.15.1-8.el7.x86_64 libcom_err-1.42.9-10.el7.x86_64
libselinux-2.5-11.el7.x86_64 nspr-4.13.1-1.0.el7_3.x86_64
nss-3.28.4-15.el7_4.x86_64 nss-softokn-freebl-3.28.3-8.el7_4.x86_64
nss-util-3.28.4-3.el7.x86_64 openldap-2.4.44-5.el7.x86_64
openssl-libs-1.0.2k-8.el7.x86_64 pcre-8.32-17.el7.x86_64
zlib-1.2.7-17.el7.x86_64
flags_override_add = (unknown: 0), flags_override_remove = (unknown:
0), no_userdb_lookup = false, debug = false, conn_secured = true,
conn_ssl_secured = false}
service_user = 0x55ee10150dc8
session_id = 0x55ee10150af0 "pWtqHtE7X1rqEwAASpDaHg"
error = 0x0
Share Website certificate with SSL/STL Dovecot IMAP and Postifix SMTP
Hi guys, I've bought a certificate from the authority for my website to use to access in https mode. Is it possible to share the same pairs to authenticate the emails sent by postfix and Dovecot in order to avoid that client as Hotmail.it or Gmail intercept these as Spam? Thank you
Maildir migration from Dovecot to Dovecot
Hello everbody, I'm a proud user of Dovecot 2.2.9 on Ubuntu 14.04 LTS. I currently migrate all my Linux services to a new Debian 8 Jessie Server. On this server I installed and configured Dovecot 2.2.24. Now I search a way to migrate the two IMAP users I have on this server preserving all timestamps, folders and flags. Yes, only two ;-) I read the following two articles: http://wiki2.dovecot.org/Tools/Doveadm/Sync http://wiki2.dovecot.org/Migration/Dsync But I must say, that either these articles are not so good, or I act quite dumb. I understand that I have to use "doveadm backup" against my old server to make a one sync with all properties of each mail. What I miss are proper examples and that there are so many options, I could set. But what confuses me most is the the configuration file in (http://wiki2.dovecot.org/Migration/Dsync) which I don't know how to reference? Am I using the wrong guides, are the article someway misleading or is there anything else I'm overlooking? Thank you so much! -- Marco Hofmann https://www.meinekleinefarm.net/ Twitter: @ZomboBrain
Re: Migrate Dovecot email archive
Yes, infact it's working: after thecopy I've switched mx record and server address on the email client so, the oldmailbox is not used. Mailstorage format was the same on both servers (mbox). I'vepreferred this approach than the use of Dsync or Imapsync tools. Il Lunedì 20 Giugno 2016 9:14, Steffen Kaiser <skdove...@smail.inf.fh-brs.de> ha scritto: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, 19 Jun 2016, Marco Usai wrote: > Yesterday I'vemigrated Dovecot mail archive between two servers using the > procedure below: > 1) Createon the new server the same email accounts existing on the old server. > 2) Transferthe "tarred" mail folder from the old to the new server. > For testingpurposes, on Outlook 2007 I've deleted a .pst cache file, forcing > the client todownload all emails again. > > The switchwas absolutely transparent without any problem. All the emails were > availableand Outlook 2007 noticed no changes. > Can Iconsider this a correct procedure or should I use some tools like Dsync ? If you do not change the mail storage format (Maildir -> dbox, or something like that), do not change 32bit -> 64bit, big / little endian a.s.o. and if you make sure the old mailbox is not accessed, while you copy the data over, it should work :-) In fact, I use "rsync". - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQEVAwUBV2eXs3z1H7kL/d9rAQKUUQf/WebZz4IiJogPyWO0vCvJVomDl12E/1cX fDz0FW7wceJrKIYmLfIJa5S4L2r1bimdfVimiPbs3ORMbBV37TXH8lErbLZMSrEi gjn7FI1Q6hF97Lrc1YSn9UkENp9M7bXpXsDPiuOn++KXZ+fM5QkSzKxV2F9YAoap J/efjEo/cliOiSYWC5R4yZ8bIY45x83kxMhWctH3ZQ/dCGWdiAgGxg0l+bP0AurV 7vEJhfhJxdV2FnaQtnhHHRuOFcIVBSyvDWkx9iQZ5ZiTnE9NDsVYf5gkPy+2dkrf XvtZ+G9HRaBGrCkqGJxWZTRzjgtnBYx6lxz+9zPgRVGpguKFR7Qnkg== =2W8A -END PGP SIGNATURE-
Migrate Dovecot email archive
Yesterday I'vemigrated Dovecot mail archive between two servers using the procedure below: 1) Createon the new server the same email accounts existing on the old server. 2) Transferthe "tarred" mail folder from the old to the new server. For testingpurposes, on Outlook 2007 I've deleted a .pst cache file, forcing the client todownload all emails again. The switchwas absolutely transparent without any problem. All the emails were availableand Outlook 2007 noticed no changes. Can Iconsider this a correct procedure or should I use some tools like Dsync ?
Migrate email account from Dovecot to Dovecot servers
Hello, 1) I needto migrate some mbox imap email accounts from a shared webhosting provider toanother one. 2) Bothservers seem to use Devecot, as a telnet command on port 143 shows an identicalresponse:* OK[CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE NAMESPACESTARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready. 3) I don'tknow Dovecot version because I don't have access to "dovecot --version"command. 4) I can'tuse "doveadm-sync" because the command is not available on my sharedhosting account. 5) I preferto leave imapsync perl script as the last option because I want to preserve theUID. So, I needto know what migration procedure can be adopted: if I copythe /home/user/mail/ directory containing all email account from the sourceserver to the destination server, can I expect to see all accounts working withall the emails transferred ? Should I firstcreate from cPanel all the email account with identical names and password onthe destination server ? Anysuggestion will be much appreciated. Thanks in advance!
Re: Re: Setting lmtp_user_concurrency_limit causes anvil permission error
Same problem here: Apr 26 15:01:37 posta-01 dovecot: lmtp(2432): Error: net_connect_unix(/var/run/dovecot/anvil) failed: Permission denied # ls -l /var/run/dovecot/anvil srw--- 1 root root 0 Apr 26 15:08 /var/run/dovecot/anvil but I don't use 'lmtp_rcpt_check_quota'. Marco On 2016-04-07 14:39, Tom Sommer wrote: On 2016-04-07 13:41, Tom Sommer wrote: I've set lmtp_user_concurrency_limit to 5 and now LMTP throws this at me for every delivery: Apr 07 13:38:33 lmtp(4434): Error: net_connect_unix(/var/run/dovecot/anvil) failed: Permission denied ls -l /var/run/dovecot/anvil srw--- 1 root root 0 Apr 7 13:32 /var/run/dovecot/anvil If I set lmtp_user_concurrency_limit to 0, the error goes away. Hrm, if I disable lmtp_rcpt_check_quota, then the error goes away as well. Very confusing. -- Marco Giunta - ITCS SysAdmin Via Bonomea, 265 34136 - Trieste, Italy Tel: +39-040-3787-503 Fax: +39-040-3787-244
problem with Sieve Duplicate Extension when used together with fileinto
e...@example.com):
rSM3And3GFdFaQAAIDyJFw: sieve:
msgid=<20160421064922.26919.68...@myhost.example.com>: stored mail into
mailbox 'mail02'
Apr 21 08:49:22 smtp-server dovecot: lmtp(use...@example.com):
YVCsNPJ3GFd1dgAAIDyJFw: sieve:
msgid=<20160421064922.26919.68...@myhost.example.com>: marked message to
be discarded if not explicitly delivered (discard action)
Apr 21 08:49:23 smtp-server dovecot: lmtp(use...@example.com):
bSaBBU53GFdhbwAAIDyJFw: sieve:
msgid=<20160421064922.26919.68...@myhost.example.com>: marked message to
be discarded if not explicitly delivered (discard action)
Apr 21 08:49:27 smtp-server dovecot: lmtp(use...@example.com):
fSOyOtV3GFcmdAAAIDyJFw: sieve:
msgid=<20160421064927.26926.28...@myhost.example.com>: stored mail into
mailbox 'mail01'
Apr 21 08:49:27 smtp-server dovecot: lmtp(use...@example.com):
sSM3And3GFdFaQAAIDyJFw: sieve:
msgid=<20160421064927.26926.28...@myhost.example.com>: stored mail into
mailbox 'mail01'
Apr 21 08:49:27 smtp-server dovecot: lmtp(use...@example.com):
sSM3And3GFdFaQAAIDyJFw: sieve:
msgid=<20160421064927.26926.28...@myhost.example.com>: stored mail into
mailbox 'mail02'
Apr 21 08:49:27 smtp-server dovecot: lmtp(use...@example.com):
fSOyOtV3GFcmdAAAIDyJFw: sieve:
msgid=<20160421064927.26926.28...@myhost.example.com>: stored mail into
mailbox 'mail02'
Apr 21 08:49:27 smtp-server dovecot: lmtp(use...@example.com):
ZVCsNPJ3GFd1dgAAIDyJFw: sieve:
msgid=<20160421064927.26926.28...@myhost.example.com>: marked message to
be discarded if not explicitly delivered (discard action)
As you can see, the message ID of a single sent, is the same, so the
duplicate extension should work. If I replace the 'fileinto' rule with,
for example, a 'setflag' rule:
---
require ["fileinto", "duplicate", "imap4flags"];
if duplicate {
discard;
stop;
}
if address :is :all "to" "mai...@example.com" {
setflag "\\seen";
}
if address :is :all "to" "mai...@example.com" {
setflag "\\seen";
}
--
it works like a charm: for every mail sent, the duplicate extension works.
What is it wrong ? someone has any clue ?
Cheers,
Marco
--
Marco Giunta - ITCS SysAdmin
Via Bonomea, 265
34136 - Trieste, Italy
Tel: +39-040-3787-503
Fax: +39-040-3787-244
Re: Re: Accessing to mail as another user
Hi,
we have such configuration in our Dovecot; it is configured with virtual
users and acl. To enable access of userA mailbox to userB, first I have
to add userB to userA acl, and then I put userA username in an
ARBITRARY_FIELD of userB record in our ldap (if you use a db for your
account, the configuration could be more simple). We use the
ARBITRARY_FIELD to limit the access of other users mailboxes: the field
is not writable by the user, only by administrators.
Our config files:
/etc/dovecot/conf.d/auth-master.conf.ext
...
passdb {
driver = ldap
master = yes
args = /etc/dovecot/dovecot-ldap.conf.masterusers
pass = yes
default_fields =
userdb_mail=maildir:/path_to_mailboxes/%1{login_user}/%{login_user}:INDEXPVT=/path_to_indexes/%1n/%n/shared/%{login_user}
}
and in /etc/dovecot/dovecot-ldap.conf.masterusers
...
pass_attrs = uid=user,userPassword=password
pass_filter =
(&(uid=%n)(accountStatus=active)(ARBITRARY_FIELD=%{login_user}))
to login, you have to use the same way of a masteruser:
Login: userA*userB
Password: userB_password
Cheers,
Marco
On 2016-02-10 07:49, Angel L. Mateo wrote:
El 09/02/16 a las 13:44, Matthias Fechner escribió:
do you maybe mean shared mailboxes:
http://wiki.dovecot.org/SharedMailboxes
I don't want shared mailboxes. I have to access the other mailbox
as a complete separate account from my personal one.
I think I can achive this with master user, but I need to found a
way to configure permissions so the real user has access to all folders
in the other mailbox.
--
Marco Giunta - ITCS SysAdmin
Via Bonomea, 265
34136 - Trieste, Italy
Tel: +39-040-3787-503
Fax: +39-040-3787-244
How to apply the patch for disable SSL3 on Dovecot 2.0.9
Hi,I see on Dovecot 2.0.9 is no possibile disable SSL3 Until I wait the panel of my server will look into this issue and maybe put a more updated version, how I can fix this?I found on the Internet http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566 also link to the patch http://www.mail-archive.com/dovecot@dovecot.org/msg59945.html I don't know what to do for fix the SSL 3 Issue I AM On CentoOs 6.3Thanks.
Re: separate passdb for unix_listener
You can have a separate dovecot instance for smtp-auth and use that
socket in postfix config.
Just use a small config like the one below for the "auth only instance"
and fire it up with "dovecot -F -c /etc/dovecot/dovecot-auth.conf"
you can then copy and adapt the systemd script or what ever to start it
automatically. in that sql-conf you just need a password_query, no
user_query.
---
base_dir = /var/run/dovecot-auth
instance_name = dovecot-auth
passdb {
driver = sql
args = /etc/dovecot/dovecot-auth-sql.conf.ext
}
# disable listeners
service imap-login {
inet_listener imap {
port = 0
}
inet_listener imaps {
port = 0
}
}
service pop3-login {
inet_listener pop3 {
port = 0
}
inet_listener pop3s {
port = 0
}
}
service auth {
unix_listener auth-userdb {
#mode = 0666
#user =
#group = virtual_mail
}
# Postfix smtp-auth socket
unix_listener /var/spool/postfix/private/auth-smtp {
mode = 0660
group = virtual_mail
}
# Auth process is run as this user.
#user = $default_internal_user
}
---
On 06.10.2015 17:53, Damon wrote:
> I want to use a separate passed for the unix_listener (postfix smtp-auth) so
> i can limit access to the smtp server by user/domain using the postfixadmin
> database.
> I want to let users access map to receive email but not be able to send.
>
> Any ideas?
>
> Thanks
> Damon
BUG: service(auth) crash when quota-status lookup an address with local-part starting with auth_master_user_separator
icy
sender=john...@example.com
recipient=;jane...@example.com
size=1
action=DEFER_IF_PERMIT Internal error occurred. Refer to server log for
more information.
and server log:
Sep 29 10:20:00 my_server dovecot: auth: userdb(?): Username character
disallowed by auth_username_chars: 0x2a (username: *@example.com)
Sep 29 10:20:31 my_server dovecot: auth: userdb(?): Username character
disallowed by auth_username_chars: 0x2a (username: *jane...@example.com)
Sep 29 10:20:54 my_server dovecot: auth: Panic: file auth-request.c:
line 1252 (auth_request_set_login_username): assertion failed:
(*username != '\0')
Sep 29 10:20:54 my_server dovecot: auth: Error: Raw backtrace:
/usr/lib64/dovecot/libdovecot.so.0 [0x3d70a7126a] ->
/usr/lib64/dovecot/libdovecot.so.0 [0x3d70a712d6] ->
/usr/lib64/dovecot/libdovecot.so.0 [0x3d70a70cac] -> dovecot/auth
[0x4131eb] -> dovecot/auth(auth_request_set_username+0x94) [0x413284] ->
dovecot/auth [0x40dc4c] -> dovecot/auth [0x40e60b] ->
/usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x49) [0x3d70a82699]
-> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xd5)
[0x3d70a83a55] ->
/usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x9)
[0x3d70a82739] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x38)
[0x3d70a829b8] ->
/usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13)
[0x3d70a29233] -> dovecot/auth(main+0x383) [0x41cfc3] ->
/lib64/libc.so.6(__libc_start_main+0xf4) [0x3302e1d9f4] -> dovecot/auth
[0x40b5f9]
Sep 29 10:20:54 my_server dovecot: quota-status: Error: userdb
lookup(;@example.com): Disconnected unexpectedly
Sep 29 10:20:54 my_server dovecot: auth: Fatal: master: service(auth):
child 19941 killed with signal 6 (core dumps disabled)
Sep 29 10:21:15 my_server dovecot: auth: Panic: file auth-request.c:
line 1252 (auth_request_set_login_username): assertion failed:
(*username != '\0')
Sep 29 10:21:15 my_server dovecot: auth: Error: Raw backtrace:
/usr/lib64/dovecot/libdovecot.so.0 [0x3d70a7126a] ->
/usr/lib64/dovecot/libdovecot.so.0 [0x3d70a712d6] ->
/usr/lib64/dovecot/libdovecot.so.0 [0x3d70a70cac] -> dovecot/auth
[0x4131eb] -> dovecot/auth(auth_request_set_username+0x94) [0x413284] ->
dovecot/auth [0x40dc4c] -> dovecot/auth [0x40e60b] ->
/usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x49) [0x3d70a82699]
-> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xd5)
[0x3d70a83a55] ->
/usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x9)
[0x3d70a82739] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x38)
[0x3d70a829b8] ->
/usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13)
[0x3d70a29233] -> dovecot/auth(main+0x383) [0x41cfc3] ->
/lib64/libc.so.6(__libc_start_main+0xf4) [0x3302e1d9f4] -> dovecot/auth
[0x40b5f9]
Sep 29 10:21:15 my_server dovecot: quota-status: Error: userdb
lookup(;jane...@example.com): Disconnected unexpectedly
Sep 29 10:21:15 my_server dovecot: auth: Fatal: master: service(auth):
child 20758 killed with signal 6 (core dumps disabled)
of course, I don't have any address '*@example.com' or
'*jane...@example.com', but some bot in internet try to send emails to
these addresses, and my Postfix ask my dovecot server for the quota of
'*' or '*janedoe' user.
I've solved the problem adding a REJECT rule to Postfix to discard the
mail to '*@example.com' before the quota check, but this problem should
be solved in Dovecot.
thank you,
Marco
My configuration:
# 2.2.15: /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.6 (3e924b1b6c5c+)
# OS: Linux 2.6.18-406.el5 x86_64 Red Hat Enterprise Linux Server
release 5.11 (Tikanga) ext3
auth_master_user_separator = *
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = sha1
disable_plaintext_auth = no
doveadm_password = XXX
doveadm_port = 12345
first_valid_uid = 200
hostname = myserver.example.com
imap_client_workarounds = delay-newmail
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
lda_original_recipient_header = X-Original-To
listen = *
login_log_format_elements = user=<%u> PID=%p method=%m rip=%r lip=%l %c
login_trusted_networks = XXX.XXX.XXX.XXX
mail_gid = mail
mail_home = /var/spool/mail/%1n/%n
mail_location =
maildir:/var/spool/mail/%1n/%n:INDEX=/var/shared/indexes/%1n/%n
mail_plugins = acl mailbox_alias quota
mail_shared_explicit_inbox = yes
mail_uid = vmail
maildir_very_dirty_syncs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date ihave duplicate vacation-seconds imapflags notify
mbox_write_locks = fcntl
mmap_disable = yes
namespace archives {
hidden = no
inbox = no
list = children
location =
maildir:/var/spool/archives/%1n/%n:IN
Re: mirroring one domain.tld to domain.tld.au
On 28.09.2015 16:47, voy...@sbt.net.au wrote: > I have Postfix/Dovecot/postfixadmin/MySQL with several virtual mailbox > domains > > one of the domains is like aname.com.au, the user also now has aname.com, > and, would like to 'mirror' most of the addresses to be u...@aname.com, > THOUGH, some are to remain as us...@aname.com.au I usually do this by having 4 tables in mysql: hosting (links everything together, links to a product table, quota, what ever) domains (domainnames) accounts (homedir, password, etc.) usernames - one hosting has many accounts - one hosting has many domains (domain aliases) - one account has many usernames (localpart aliases for same account) then you can match like anything you want out of this and you use similar queries for postfix and dovecot. in the domains table you could have a column boolean "maindomain" and in the account table you have a column "maindomain_only"... for my use, users don't care if there are other alias combinations - they just don't use it then. but they can login with any combination of @ and it's still only one mail directory per account. it's also a good idea to name the maildirectory like /, so you don't have the domain / username hardcoded anywhere. just some thoughts, works great for me - but depends on your exact use case. you can do like anything you want in SQL for postfix and dovecot keep performance in mind though :-) > > so, both u...@aname.com as well as u...@aname.com.au should be one user > > the users retrive emails as u...@aname.com.au > > longer term... some would want to use aname.com.au. some, aname.com > > what's the best/proper way to do so in Dovecot ? > > I think I can do Postfix with postfixadmin to "Mirror addresses of one of > your domains to another." > > but what do I do at the Dovecot end...? > > thanks for any pointers, suggestions or advice
Re: distuguish between different domains
>> the dovecot service does not care about the server dns name. the dns >> name resolves to the IP address on the client (roundcube) and the client >> connects to the server. if the same dovecot instance listens to all / >> both IP address, client will end up on this dovecot instance and all >> valid user-password combinations are authorized. that's the way it has >> to be, otherwise virtual / mass virtual domain hosting would not be >> possible as you cannot spawn 1000 instances on the same machine (ok, in >> theory you could do that :D) > No, it's only impossible if you are using passdb or otherwise > authenticating against real users of the system. If you are using > virtual users (SQL, LDAP, etc.), you can include the domain name in the > auth lookups. > > Andreas was asking about the fqdn where the imap client is connecting to, not the user name / e-mail address. you can use localpart and domain from the email address in passdb / userdb lookups but dovecot (imap) is nothing like http where you send the a hostname of the site you're conncting to in the header.
Re: BUG: service(auth) crash when quota-status lookup an address with local-part starting with auth_master_user_separator
On 2015-09-29 11:06, Timo Sirainen wrote:
On 29 Sep 2015, at 11:36, Marco Giunta <giu...@sissa.it> wrote:
>
but a better fix would be to disale the separator for these lookups. I think
something like this would work:
auth_master_user_separator = *
protocol quota-status {
# disable
auth_master_user_separator =
}
Thank you Timo, this works like a charms on 2.2.16; I'm waiting 2.2.19
to update my servers.
Marco
--
---
|Marco Giunta - SISSA Computer Staff|
|Via Bonomea, 265 |
|34136 - Trieste, Italy |
|Tel: +39-40-3787-503 |
|Fax: +39-040-3787-244 |
|e-mail: giu...@sissa.it|
---
Re: distuguish between different domains
On 28.09.2015 10:48, Andreas Meyer wrote: > Hello! > > Marco Fretz <marco.fr...@gmail.com> schrieb am 28.09.15 um 08:29:59 Uhr: > >> Hi Andreas, >> >> I'm not 100% sure what you're trying to accomplish. >> >> smtp_server in roundcube is the outgoing server (submission server, i.e. >> postfix). Mailbox is IMAP (dovecot). >> You can easily spawn 2 instances of dovecot, one serving aaa.de and one >> serving bbb.de on different IPs. > How do I do this? http://wiki2.dovecot.org/RunningDovecot I do this by creating a 2nd startup script / systemd service you can then use another dovecot config file and specify different listen IPs (and Ports). This is also useful for different SSL certs per domain / ip, etc. > >> What exactly is the problem with 2 domains on one dovecot? I mean user >> @aaa.de usually does not have the password for @bbb.de and vise versa. > What is irritating me is that when there are two domains served by > dovecot, in the client I can specify server.aaa.de although I have > an email-address u...@bbb.de and connect as such. > > For my understanding it should not be possible to connect to server > server.aaa.de with an address line u...@bbb.de and dovecot serves > the mailbox of that user. the dovecot service does not care about the server dns name. the dns name resolves to the IP address on the client (roundcube) and the client connects to the server. if the same dovecot instance listens to all / both IP address, client will end up on this dovecot instance and all valid user-password combinations are authorized. that's the way it has to be, otherwise virtual / mass virtual domain hosting would not be possible as you cannot spawn 1000 instances on the same machine (ok, in theory you could do that :D) > >> About the sending server in roundcube: I don't think there is a way to >> have a different submission server for different sender domains in >> roundcubde. But you could use the postfix configuration to map sender >> domains to different outgoing connection IPs. > Postfix is not the problem. It's the login into the IMAP-server that > is irritating me. Or am I completely wrong? > > Regards > > Andreas
Re: distuguish between different domains
Hi Andreas, I'm not 100% sure what you're trying to accomplish. smtp_server in roundcube is the outgoing server (submission server, i.e. postfix). Mailbox is IMAP (dovecot). You can easily spawn 2 instances of dovecot, one serving aaa.de and one serving bbb.de on different IPs. What exactly is the problem with 2 domains on one dovecot? I mean user @aaa.de usually does not have the password for @bbb.de and vise versa. About the sending server in roundcube: I don't think there is a way to have a different submission server for different sender domains in roundcubde. But you could use the postfix configuration to map sender domains to different outgoing connection IPs. Does this help? If not, please tell us more about what you're trying to do. regards Marco On 27.09.2015 19:53, Andreas Meyer wrote: > Hello! > > I asked myself wether it is possible to distinguish between > different doamins in dovecot so that a user only sees his > mailbox when he is connecting with us...@aaa.de specifying > the server with mail.aaa.de for example. > > So the server does not handout the mailbox for us...@bbb.de > when the client connects to mail.aaa.de as us...@bbb.de > > I have this problem with roundcube. Dovecot is responisble > for two domains. With roundcube I can login as us...@aaa.de > altough the client is configured like so: > $config['smtp_server'] = 'tls://mail.bbb.de'; > and I am landing in the mailbox of us...@aaa.de > > Is there a way to striktly differentiate between doamins? > Both domains have their own IP-addresses. > > Regards > > Andreas
Re: Problem with SHA2/Geotrust and dovecot 2.0.9
Hi, does the cert work if you open and output it as text with openssl command? not sure if 2.0.9 does support sha2, I think it should - I guess it actually depends on openssl libs not dovecot. On 08.09.2015 15:17, Il Neofita wrote: > Hi > I have renew my geotrust certificate using sha2, and I have problem with > Dovecot 2.0.9 and redhat 6.7. > The same certificate is working in Apache. > > The error is > > dovecot: imap-login: Fatal: Can't load ssl_cert: There is no valid PEM > certificate. > > and the configuration file is > > ssl_cert= ssl_key = ssl_ca = > What I should do?
Re: Sieve and forward
Hi, I think the problem is you cannot resign the forwarded message... and if you keep the original sender domain it looses the signature? I'm not a DKIM guru though :-) Maybe just forward it as attachment from the users address... regards Marco On 18.09.2015 00:36, Il Neofita wrote: > Hi > I have already posted to the postfix group, however, I believe that sieve > and dovecot should be able to fix this problem. > When I receive a message from yahoo and the user forward it to a gmail or > yahoo acount this email is considered as spam or rejected. > From yahoo is rejected since it seems that I am try to send spam since the > email should be signed with dkim. > Is there a way to encpuslated or sign in some way. > > Thank you
Re: Multiple passwords for a user (SQL)
I managed to write a ugly but working checkpassword script for dovecot, having multiple passwords for a user. But now I found this: https://github.com/dweuthen/roundcube-application_passwords I think this is the better way to go. the crypt passwords are the biggest problem because you need the stored hash to generate the input hash. I know this is safer, but in my opinion SHA2 or what ever is best available hash in mysql something should do it as well. having application passwords is a bigger security advantage than having stronger hashes in the database. correct me if I'm wrong :-) best regards Marco On 06.10.2014 16:46, Marco Fretz wrote: > > Thank you Steffen, > > This sounds like a plan. checkpassword looks quite simple to use and I > could still use default userdb with dovecot-sql for userhome, quota, etc. > I'll give this a try. > > thanks > Marco > > Am 06.10.2014 13:52, schrieb Steffen Kaiser: > > On Mon, 6 Oct 2014, Marco Fretz wrote: > > >> corresponding user in the users table - one use has many passwords > (1:n). > >> for dovecot this means that it will get multiple rows with passwords > >> back from the "password_query". is there a way to tell dovecot to check > >> all those returned passwords and "pass" the request if one of those > >> passwords match? > > > I think no, but you could craft a PAM module and use the pam passdb or > supply a checkpassword script: > > > http://wiki2.dovecot.org/PasswordDatabase > > > -- Steffen Kaiser >
Re: bug in acl_defaults_from_inbox option
On 2015-09-07 23:10, Timo Sirainen wrote:
This happens to all boolean settings inside plugin {}. Not ideal, but
also not something that will get fixed without some larger settings code
changes.
ok, no problem, but I didn't find this note on Dovecot wiki; maybe it is
better to add it on a general page about configuration, to save future
sysadmin headaches ;-)
--
---
|Marco Giunta - SISSA Computer Staff|
|Via Bonomea, 265 |
|34136 - Trieste, Italy |
|Tel: +39-40-3787-503 |
|Fax: +39-040-3787-244 |
|e-mail: giu...@sissa.it|
---
sharing INBOX with ACL - share all folders
Hi at all,
I have a problem with ACL; I want to share INBOX and Sent folder to an
other user, but when I configure ACL on INBOX, all folders are shared
(Sent, Junk, Draft, Trash, etc)
# doveadm acl get -u janedoe INBOX
ID Global Rights
user=johndoeexpunge insert lookup post read write write-deleted
write-seen
# doveadm acl get -u janedoe Sent
ID Global Rights
user=johndoeexpunge insert lookup post read write write-deleted
write-seen
# doveadm acl get -u janedoe Trash
ID Global Rights
# doveadm acl get -u janedoe Drafts
ID Global Rights
# doveadm acl get -u janedoe Junk
ID Global Rights
# doveadm mailbox list -u johndoe
Trash
Junk
Drafts
Sent
Archives
Archives.2015
Other Users
Other Users.janedoe
Other Users.janedoe.Junk
Other Users.janedoe.Drafts
Other Users.janedoe.Sent
Other Users.janedoe.Trash
Other Users.janedoe.INBOX
INBOX
If I remove the INBOX ACL, only 'Sent' folder is shared, as expected:
# doveadm acl delete -u janedoe INBOX johndoe
# doveadm mailbox list -u provahe
Trash
Trash.saved-messages
Junk
Drafts
Sent
INBOX_spam
Archives
Archives.2015
Archives.2015.INBOX_spam
Other Users
Other Users.janedoe
Other Users.janedoe.Sent
INBOX
My Dovecot instance use a single user, and all my mailboxes use standard
maildir files:
drwx-- 9 vmail mail0 Jul 28 10:59 .
drwx-- 12 vmail mail 3864 Jul 28 09:39 ..
drwx-- 2 vmail mail0 Jul 28 09:51 cur
-rw--- 1 vmail mail0 Jul 28 10:59 dovecot-acl
-rw--- 1 vmail mail 16 Jul 28 10:59 dovecot-acl-list
-rw--- 1 vmail mail 1448 Jul 28 09:51 dovecot.index.cache
-rw--- 1 vmail mail 1016 Jul 28 09:52 dovecot.index.log
-rw--- 1 vmail mail 113 Jul 28 09:51 dovecot-uidlist
-rw--- 1 vmail mail8 Jul 28 09:39 dovecot-uidvalidity
-r--r--r-- 1 vmail mail0 Jul 28 09:39 dovecot-uidvalidity.55b731ac
drwx-- 5 vmail mail0 Jul 28 09:39 .Drafts
lrwxrwxrwx 1 vmail mail5 Jul 28 09:39 .INBOX_spam - .Junk
drwx-- 5 vmail mail0 Jul 28 09:39 .Junk
-rw--- 1 vmail mail 16 Jul 28 09:39 maildirsize
drwx-- 2 vmail mail0 Jul 28 09:51 new
drwx-- 5 vmail mail0 Jul 28 09:50 .Sent
-rw--- 1 vmail mail 37 Jul 28 09:39 subscriptions
drwx-- 2 vmail mail0 Jul 28 09:51 tmp
drwx-- 5 vmail mail0 Jul 28 09:39 .Trash
any clue to solve my problem ?? I've already try to play with
'acl_defaults_from_inbox' setting, but no way ..
Thank you,
Marco
# 2.2.15: /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.6 (3e924b1b6c5c+)
# OS: Linux 2.6.18-400.1.1.el5 x86_64 Red Hat Enterprise Linux Server
auth_master_user_separator = *
auth_mechanisms = plain login
disable_plaintext_auth = no
doveadm_password =
doveadm_port = 12345
first_valid_uid = 200
hostname = xxx.sissa.it
imap_client_workarounds = delay-newmail
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
lda_original_recipient_header = X-Original-To
listen = *
login_log_format_elements = user=%u PID=%p method=%m rip=%r lip=%l %c
login_trusted_networks = XXX.XXX.1.172/30 XXX.XXX.24.0/23
mail_gid = mail
mail_home = /var/spool/mail/%1n/%n
mail_location =
maildir:/var/spool/mail/%1n/%n:INDEX=/var/shared/indexes/%1n/%n
mail_plugins = acl fts fts_solr mailbox_alias quota
mail_shared_explicit_inbox = yes
mail_uid = vmail
maildir_very_dirty_syncs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date ihave duplicate imapflags notify
mbox_write_locks = fcntl
mmap_disable = yes
namespace archives {
hidden = no
inbox = no
list = children
location =
maildir:/var/spool/archives/%1n/%n:INDEX=/var/shared/indexes/%1n/%n/archives
mailbox 2015 {
auto = subscribe
special_use = \Archive
}
prefix = Archives.
separator = .
subscriptions = no
type = private
}
namespace inbox {
inbox = yes
location =
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox INBOX_spam {
auto = subscribe
special_use = \Junk
}
mailbox Junk {
auto = subscribe
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
separator = .
}
namespace others {
list = children
location =
maildir:/var/spool/mail/%%1n/%%n:INDEXPVT=/var/shared/indexes/%1n/%n/shared/%%n
prefix = Other Users.%%n.
separator = .
subscriptions = no
type = shared
}
passdb {
args = /etc/dovecot/passwd.masterusers
driver = passwd-file
master = yes
pass = yes
}
passdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
plugin {
acl = vfile:/etc/dovecot/global-acls:cache_secs=300
acl_defaults_from_inbox = no
acl_shared_dict = file:/var/shared/dovecot/shared-mailboxes.dict
fts
bug in acl_defaults_from_inbox option
Hi at all,
there is a bug in in acl_defaults_from_inbox option: if you define it
with ANY value ('yes', 'no', 'whatyouwant', 'xxx') it acts like the
value is ALWAYS 'yes', and Dovecot enable it; the only way to disable
it, is comment it or delete from configuration file.
With 'acl_defaults_from_inbox = no', or 'acl_defaults_from_inbox =
whatyouwant', all my folders get ACLs from INBOX; in my case I want to
only share INBOX, but also all other folders were shared.
When you comment 'acl_defaults_from_inbox', Dovecot works like expected.
Marco
# 2.2.15: /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.6 (3e924b1b6c5c+)
# OS: Linux 2.6.18-400.1.1.el5 x86_64 Red Hat Enterprise Linux Server
auth_master_user_separator = *
auth_mechanisms = plain login
disable_plaintext_auth = no
doveadm_password =
doveadm_port = 12345
first_valid_uid = 200
hostname = xxx.sissa.it
imap_client_workarounds = delay-newmail
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
lda_original_recipient_header = X-Original-To
listen = *
login_log_format_elements = user=%u PID=%p method=%m rip=%r lip=%l %c
login_trusted_networks = XXX.XXX.1.172/30 XXX.XXX.24.0/23
mail_gid = mail
mail_home = /var/spool/mail/%1n/%n
mail_location =
maildir:/var/spool/mail/%1n/%n:INDEX=/var/shared/indexes/%1n/%n
mail_plugins = acl fts fts_solr mailbox_alias quota
mail_shared_explicit_inbox = yes
mail_uid = vmail
maildir_very_dirty_syncs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date ihave duplicate imapflags notify
mbox_write_locks = fcntl
mmap_disable = yes
namespace archives {
hidden = no
inbox = no
list = children
location =
maildir:/var/spool/archives/%1n/%n:INDEX=/var/shared/indexes/%1n/%n/archives
mailbox 2015 {
auto = subscribe
special_use = \Archive
}
prefix = Archives.
separator = .
subscriptions = no
type = private
}
namespace inbox {
inbox = yes
location =
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox INBOX_spam {
auto = subscribe
special_use = \Junk
}
mailbox Junk {
auto = subscribe
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
separator = .
}
namespace others {
list = children
location =
maildir:/var/spool/mail/%%1n/%%n:INDEXPVT=/var/shared/indexes/%1n/%n/shared/%%n
prefix = Other Users.%%n.
separator = .
subscriptions = no
type = shared
}
passdb {
args = /etc/dovecot/passwd.masterusers
driver = passwd-file
master = yes
pass = yes
}
passdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
plugin {
acl = vfile:/etc/dovecot/global-acls:cache_secs=300
acl_defaults_from_inbox = no
acl_shared_dict = file:/var/shared/dovecot/shared-mailboxes.dict
fts = solr
fts_autoindex = yes
fts_autoindex_max_recent_msgs = 20
fts_solr = url=http://solr.localdomain:8080/solr/
mailbox_alias_new = INBOX_spam
mailbox_alias_old = Junk
quota = maildir:User quota:ns=
quota2 = maildir:Archive quota:ns=Archives.
quota2_rule = *:storage=20GB
quota2_warning = storage=95%% quota2-warning 95 %u
quota2_warning2 = storage=90%% quota2-warning 90 %u
quota2_warning3 = storage=80%% quota2-warning 80 %u
quota_rule = *:storage=5GB
quota_rule2 = Trash:storage=+20%%
quota_status_nouser = DUNNO
quota_status_overquota = 552 5.2.2 Quota exceeded (mailbox for user
is full)
quota_status_success = DUNNO
quota_warning = storage=100%% quota-warning 100 %u
quota_warning2 = storage=95%% quota-warning 95 %u
quota_warning3 = storage=90%% quota-warning 90 %u
quota_warning4 = storage=80%% quota-warning 80 %u
sieve = file:~/sieve;active=~/sieve/.dovecot.sieve
sieve_default = /etc/dovecot/sieve/dovecot.sieve
sieve_extensions = +notify +imapflags
sieve_max_redirects = 16
}
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
postmaster_address = postmas...@sissa.it
protocols = imap pop3 lmtp sieve
rejection_reason = Your message to %t was automatically rejected for
the following reason: %n%n%r
service auth {
inet_listener {
port = 49494
}
unix_listener auth-userdb {
user = vmail
}
}
service dict {
unix_listener dict {
user = vmail
}
}
service doveadm {
inet_listener {
port = 26001
}
}
service imap-login {
process_min_avail = 16
service_count = 0
}
service imap {
process_limit = 2048
}
service lmtp {
inet_listener lmtp {
port = 24
}
process_min_avail = 5
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
inet_listener sieve_deprecated {
port = 2000
}
process_min_avail = 16
service_count = 0
vsz_limit = 256 M
}
service quota-status {
client_limit = 1
Re: sharing INBOX with ACL - share all folders
Hi Chris,
fortunately I've solved the problem with INBOX sharing: there is a bug
with option 'acl_defaults_from_inbox'. When you define it with ANY value
('yes', 'no', 'whatyouwant', 'xxx') it acts like the value is ALWAYS
'yes', the only way to disable it, is comment it or delete from
configuration file.
My Maildir directories and files are all owned by the UNIX user that
owns the file.
to avoid problems with acl, mailbox sharing and so on, I've changed my
configuration from different UNIX users to a single virtual user some
years ago
Is having it all running as one [UNIX] user a typical configuration
for dovecot2? Or just typical of installations using ACLs?
I don't know if is typical or not, but it is very simple, and till now I
didn't seen any particular problem
My configuration is attached in the first email; if you need some
explanation, let me know.
Marco
On 2015-07-28 16:38, Chris Ross wrote:
On Jul 28, 2015, at 05:13, Marco Giunta giu...@sissa.it wrote:
Hi at all,
I have a problem with ACL; I want to share INBOX and Sent folder to an other
user, but when I configure ACL on INBOX, all folders are shared (Sent, Junk,
Draft, Trash, etc)
Hello, Marco. Unfortunately I don’t know why you are seeing the behavior
you are, and hope that someone else will be able to help.
However, you seem to have accomplished something I’m wanting to do, and have
as yet been unable to get working. I have a Users INBOX that I want to share
to other users, but something is wrong with the way I’ve configured ACLs and
sharing.
Perhaps we could discuss off-list more of what your configuration looks
like, and how you got there? I’m running on FreeBSD with the ports system
version of dovecot2 2.2.16, currently, although I think I’m due an upgrade.
You say you’re have My Dovecot instance use a single user”, and I think
that’s different than I. My Maildir directories and files are all owned by the UNIX
user that owns the file. Maybe this is causing me the permissions problems I’m
seeing. Is having it all running as one [UNIX] user a typical configuration for
dovecot2? Or just typical of installations using ACLs?
Thank you.
- Chris
--
---
|Marco Giunta - SISSA Computer Staff|
|Via Bonomea, 265 |
|34136 - Trieste, Italy |
|Tel: +39-40-3787-503 |
|Fax: +39-040-3787-244 |
|e-mail: giu...@sissa.it|
---
Multiple passwords for a user (SQL)
Hi everyone, I'm not sure if this has been discuessed already as I coun't find anything in the archives - maybe I'm looking for the wrong thing. I want to build something similar to googles app passwords where your use a different password (strong, auto generated) for each device / app. In general I think this is pretty easy on the database side as I just need a password table and link say the passwords with an user_id to the corresponding user in the users table - one use has many passwords (1:n). for dovecot this means that it will get multiple rows with passwords back from the password_query. is there a way to tell dovecot to check all those returned passwords and pass the request if one of those passwords match? thank you, best regards Marco
Re: Multiple passwords for a user (SQL)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thank you Steffen, This sounds like a plan. checkpassword looks quite simple to use and I could still use default userdb with dovecot-sql for userhome, quota, etc. I'll give this a try. thanks Marco Am 06.10.2014 13:52, schrieb Steffen Kaiser: On Mon, 6 Oct 2014, Marco Fretz wrote: corresponding user in the users table - one use has many passwords (1:n). for dovecot this means that it will get multiple rows with passwords back from the password_query. is there a way to tell dovecot to check all those returned passwords and pass the request if one of those passwords match? I think no, but you could craft a PAM module and use the pam passdb or supply a checkpassword script: http://wiki2.dovecot.org/PasswordDatabase -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJUMqs9AAoJEKxm7Ju3UATuwIcP/jOLvioR1EsJCkhsHMG2GgoV bvafQznk8KOhTcTW0X3CrPRoV7D7Lmotw+2W3Z/YFR9w48ra/Tlf25PRGg7tv+KE Wx5xTFKZDzoXgW3Nn7Jg0ylBvgYTQQRFEZWBbwn+N/7hMfHagw0H66iaMqw3LV6A d6BnxjHI+Iq1w7EPPpplsMeqLMxSEbv1t7YrqC5n/ydnllRe7j4WFbkMYywAYxR5 WN8SfhuhvxFec3nSOftCVbVvVSFsAPN/n2OYxgVl5LvgLUdI9NUyqpxA/Rj2KVhb +V+/NB/TKEpIBe1Byeb1W8cLeijmgDWXiEQQhG8+3ld21cabqEyQvrRN93FJzHBx n71NTpNul98bZW4BPh4U2uzJMdDzbo8aD5WMJFwczrLwDj/CNhU2W2gh14F4AyhG W9eNRXn9ntdJ2hxhlCb8csLMf9rHd/XgzZkfGEzyvJKPRDONdD7HslP3gFAKo0du xoGe6fw3FJuGg16KkRFWE/dE25fk2y34iliqS1G3j4owMlj79pLV1JsDDI5A1heV f3JNUfMhb1b5lGAI31YoqG5/Ls/0bkMUT6p+BU2ZezYFAUSA2M3EwpsaJkwyu7Ov YTbAG7JOzp7dp/bk6R1PGg11qc9yDHBS4Rm4J+rdLFZ3ibImZ/+0Meb1pRbKLGwV iRaVYK07ag276MQqoLg3 =krqF -END PGP SIGNATURE-
[Dovecot] virtual mailboxes folder structure
Hi, I am trying to find a way to list my virtual mailboxes hiding the namespace prefix into my imap client. Fore example now my “All” mailbox is listed under virtual/ as: Inbox Sent Drafts Spam Trash - virtual All I would like to list as this: Inbox Sent Drafts Spam Trash All This is my 10-mail.conf: http://pastebin.com/DumEbbmy and this is my 15-mailboxes.conf: http://pastebin.com/QFzWGzyC I thought that the list = children paramenter would do but it did not. Thank you
[Dovecot] virtual mailboxes folder structure
Hi, I am trying to find a way to list my virtual mailboxes hiding the namespace prefix into my imap client. Fore example now my “All” mailbox is listed under virtual/ as: Inbox Sent Drafts Spam Trash virtual All I would like to list as this: Inbox Sent Drafts Spam Trash All This is my 10-mail.conf: http://pastebin.com/DumEbbmy and this is my 15-mailboxes.conf: http://pastebin.com/QFzWGzyC I thought that the list = children paramenter would do but it did not. Thank you
[Dovecot] virtual mailboxes folder structure
Hi, I am trying to find a way to list my virtual mailboxes hiding the namespace prefix into my imap client. Fore example now my “All” mailbox is listed under virtual/ as: Inbox Sent Drafts Spam Trash virtual All I would like to list as this: Inbox Sent Drafts Spam Trash All This is my 10-mail.conf: http://pastebin.com/DumEbbmy and this is my 15-mailboxes.conf: http://pastebin.com/QFzWGzyC I thought that the list = children paramenter would do but it did not. Thank you
[Dovecot] Grant access for Unix-User _and_ virtual Users
Hi group, I have installed a postfix as an MTA and configured two main domains as well as two virtual mailbox domains. Normal unix users have their maildir in their homes (/home/%u) and the virtual mailboxes are located in /var/mail/vhosts. It works well, I only have a problem configuring dovecot. I wondered if it's possible to configure it in a way that both, unix users and virtual users, can access their mailboxes. I found some tutorials but they either give access to the normal unix users or to virtual users who are defined in a text file. Here some system infos: - Ubuntu 12.04.2 LTS (Kernel Version: 3.2.0-23) - Dovecot Version: 2.0.19 Hope you understand my problem. Cheers, Marco PS: It's the very first time I use a mailing list, so I hope you can forgive me possible beginner's mistakes.
Re: [Dovecot] Grant access for Unix-User _and_ virtual Users
Hi,
In Dovecot you configure one or more password databases and one or
more user databases.
s. http://wiki2.dovecot.org/Authentication/MultipleDatabases
that covers system user + virtual users.
Thank you very much. That is exactly that I searched for.
Or you can use the static userdb for virtual users and passwd
userdb for system users, but place userdb passwd { } before userdb
static { }.
I think the static version is comfortable for me. Thanks again for your
advice.
Later, when you know more about Dovecot, you can make the config more
efficient.
I hope so. This whole mailserver issue is very interesting but also
difficult for beginners.
Cheers, Marco
Re: [Dovecot] Log successful login plain text password
On 08/28/2013 10:36 AM, wk...@yahoo.com wrote: Maybe you can find a way in this direction http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes This looks interesting. Looks like I could automate also a lot of other stuff this way, e.g. imap syncing accounts to new server, etc. I found out that auth_debug_passwords=yes does log passwords (also successful logins) in proxy mode. But it does not in normal imap/pop server mode, or I did something wrong... It logs something like this: Aug 28 11:13:03 barney dovecot: auth: Debug: client out: OK#0111#011user=ma...@example.com#011host=imap.example.com#011nologin#011proxy#011pass=CLEARPASWORD where CLEARPASWORD is the plain text password.that's pretty much what I need. but using some postlogin script might be the more beautiful way... thanks you all for the responses. all the best On 28.08.2013, at 09:14, Marco Fretz wrote: On 08/28/2013 09:08 AM, wk...@yahoo.com wrote: Hi Marco when running dovecot -a you will find auth_* I think you could you auth_verbose_passwords to fit your needs. thanks. I've already tried this, but it doesn't log the password on successful logins, only when there is password missmatch: from the conf / manual: # In case of password mismatches, log the attempted password. Valid values are # no, plain and sha1. sha1 can be useful for detecting brute force password # attempts vs. user simply trying the same password over and over again. #auth_verbose_passwords = no any other ideas? :) all the best On 28.08.2013, at 08:57, Marco Fretz wrote: Hi everyone, I want to use dovecot as a IMAP and POP3 proxy in front of our current E-Mail hosting server to log the plain text passwords of all successful logins for migration reasons. Actually I don't need the password to see in plain text, storing them as SHA256-CRYPT (or something dovecot can use later for auth) hash in a file or DB would be fine, too. I need this for the migration from the current mail server (using proprietary hashing to store passwords) to a new postfix / dovecot base mail system. I played around with auth_debug_passwords and all debug / logging options I found in the manual. Nothing logs successful login plaintext passwords. Any hint welcome. Thanks a lot, Marco
[Dovecot] Log successful login plain text password
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi everyone, I want to use dovecot as a IMAP and POP3 proxy in front of our current E-Mail hosting server to log the plain text passwords of all successful logins for migration reasons. Actually I don't need the password to see in plain text, storing them as SHA256-CRYPT (or something dovecot can use later for auth) hash in a file or DB would be fine, too. I need this for the migration from the current mail server (using proprietary hashing to store passwords) to a new postfix / dovecot base mail system. I played around with auth_debug_passwords and all debug / logging options I found in the manual. Nothing logs successful login plaintext passwords. Any hint welcome. Thanks a lot, Marco -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSHZ9tAAoJEKxm7Ju3UATui2cP/A3cf2TrNvOjjtP1TCgZZ5EC igsgngPlKiXU/RwHO9shBLXUyhKDHPGihNf9KL/RjoFnrgX1asPd/RF/2b080IU3 bNO49BLs8QqoroKz5E+TL8UNixlO5YQjnerKfJ5GIJbSUTC3MaxmN62Cl9jEaTWu 4dX3MXoB3ghoxt6FETSLXz6cEXsGd6KvqxolQC13NYtvpZED+qk7z3RywK8Xp/Au Ipx3xEnDRc/YvG3PeJlsjF9Ge80GxVVH0nudNOV/zmyuNfh4PkPRerk1R4Px01zI sxnXvcNjjenCJ6DMKBmOCyBii9Wl9i4opw9k4X4Z6MFEZGiodRz1usKWJMT0VqUG NBEJDOWsoWpasWMCtduBRrNQS3JI+o1tebDAI5n3K4lJ2d27+nosDvdQ8vNlVszM 8nhSn228RQNy9SJZNAvspOYQBM2gt5IQyWGA4jhrMUkwKeTfHZik8vh8lEcwbK9q H6Myue+i+G8wVa57F1V7/7x2LNGn56BWxTDlBrtKdK3KphCgEoCny/f5VYerO8It MnCMLPXI2oCC8qqkK7x45SYSe/eQhgV93LHpI5z25TqyeJ6R+7dglderRDQcNN0n OtbYMYkqlF8xJ4k+rVFwOC5VD7Bq+S2Q4LyLEf7wFH32Dc12pI/SnAL8DPvkNgbL FshgaVOXUEkb0WhnvROl =oEzx -END PGP SIGNATURE-
Re: [Dovecot] Log successful login plain text password
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/28/2013 09:08 AM, wk...@yahoo.com wrote: Hi Marco when running dovecot -a you will find auth_* I think you could you auth_verbose_passwords to fit your needs. thanks. I've already tried this, but it doesn't log the password on successful logins, only when there is password missmatch: from the conf / manual: # In case of password mismatches, log the attempted password. Valid values are # no, plain and sha1. sha1 can be useful for detecting brute force password # attempts vs. user simply trying the same password over and over again. #auth_verbose_passwords = no any other ideas? :) all the best On 28.08.2013, at 08:57, Marco Fretz wrote: Hi everyone, I want to use dovecot as a IMAP and POP3 proxy in front of our current E-Mail hosting server to log the plain text passwords of all successful logins for migration reasons. Actually I don't need the password to see in plain text, storing them as SHA256-CRYPT (or something dovecot can use later for auth) hash in a file or DB would be fine, too. I need this for the migration from the current mail server (using proprietary hashing to store passwords) to a new postfix / dovecot base mail system. I played around with auth_debug_passwords and all debug / logging options I found in the manual. Nothing logs successful login plaintext passwords. Any hint welcome. Thanks a lot, Marco -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSHaM2AAoJEKxm7Ju3UATuaDcQAIIisd1T999xbuP8fBP19gAV c0/rMGZxy69P2QLp7Y3Lwn6LXXeAiICFWRBtXkoOsVzGXazM+IB6OMr2H3Xa/37v kyO3nfS9+nD3crzPIVM6pQKnDH5ON8Jwr1Y7pufnwb5cvxZzrcB4hZk+dFcLu9eN wwAAB0mRuT1b3gqnX8rtVqqDQPF+vgefrEDEDxysO7fq7I+RlWsbHDKV4porGkd8 3mf+PoQ+QmStgMyVh906taGpainYaARe0O5yoeAO/5/jTOODrzT6vcwv4ffDcp/p NGZUtpomPw9+C4/BXBwPPlYcUNCktaxpVFp5LyBnOLs9WckDZzNpzD0m/HjvFmEI WvgFh3QPK1APTKwsLD1YArfHGqs7/tJRhPDPTI9oO7Y55WP6hJvMNNji0eihDwoG SO7dQkfs/3jIx0AwNN/2M/cT/zBTCPsuqyhAimRMStxR/TYbp9pXxBwAjRv16NS5 NwoL0nXnyPUt+l3deYiYF+wMJG8LVVn11UXTrwEJ7hzIfkiOs9EHKAdKznw74ryl FaqVL3D52cLdYUpfVVj1GaLQT+eIxP9uRbzIKLGzTR6bYWYX4W3YwflicPt9HozH 5H/1eiXXbEu44/h5jbZ2+AAncwsLomBC5fJYRiyZVZcXSozpRFhKkk5q7LSwZtVM WgX/qVgpWSKAsuTPbgtG =C9DH -END PGP SIGNATURE-
[Dovecot] multiple passdbs and auth sockets
I have a few systems which run dovecot 1.x as the authentication backend
for Postfix, with multiple auth { } sections like this one, each one
with a different passdb and its own socket:
auth ldap-10 {
passdb ldap {
args = /etc/dovecot/dovecot-ldap-10.conf
}
socket listen {
client {
path = /var/spool/postfix/private/auth-10
mode = 0666
}
}
}
I need multiple sockets tied to multiple dbs because there are duplicated
accounts, but after switching to dovecot 2.1.7 apparently *all* passdbs
are checked and dovecot reports this message:
Warning: Obsolete setting in /etc/dovecot/conf.d/auth-local.conf.ext:91: add
auth_ prefix to all settings inside auth {} and remove the auth {} section
completely
doveconf shows that all my custom sockets are now part of a single
service auth { } section, while all the passdbs appear at the top
level.
How can I update my configuration for dovecot 2.x?
--
ciao,
Marco
Re: [Dovecot] Per-user seen flags for public read-only mailboxes
On 2013-03-25 09:11, Guido Berhoerster wrote: How can I get per-user SEEN flags to work? Hi, You have to create an empty file named '**dovecot-shared' in your '/srv/mail/public/' directory. Here the reference on dovecot wiki: http://wiki2.dovecot.org/SharedMailboxes/Public?highlight=%28dovecot-shared%29#Maildir:_Per-user_.2BAFw-Seen_flag I've waste a lot of time first time I've configure the same thing on our server Cheers, Marco -- --- |Marco Giunta - SISSA Computer Staff| |Via Bonomea, 265 | |34136 - Trieste, Italy | |Tel: +39-40-3787-503 | |Fax: +39-040-3787-244 | |e-mail: marco.giunta AT sissa.it | ---
Re: [Dovecot] Per-user seen flags for public read-only mailboxes
On 2013-03-25 11:07, Guido Berhoerster wrote:
Anything else I have to do
to allow seen flags to be set?
I've the same configuration and it works like expected :
mail_uid = vmail
mail_gid = mail
namespace public {
separator = /
prefix = Public/
location = maildir:/path/to/public:INDEX=/path/to/indexes/%u/public
subscriptions = no
list = children
}
Which are the permissions of file '/srv/mail/public/dovecot-shared' ???
Did you try with a new user ??
Marco
--
---
|Marco Giunta - SISSA Computer Staff|
|Via Bonomea, 265 |
|34136 - Trieste, Italy |
|Tel: +39-40-3787-503 |
|Fax: +39-040-3787-244 |
|e-mail: marco.giunta AT sissa.it |
---
Re: [Dovecot] Dovecot LDA LDAP lookups on samba4 server ends very often in timeouts (Christian Wiese)
Dear Christian thank you very much - you got it at the very first shot: modified /etc/ openldap/ldap.conf adding REFERRALS off en everything works without issues now many thanks Marco Carcano
[Dovecot] Dovecot LDA LDAP lookups on samba4 server ends very often in timeouts
I hope that someone will be so kind to help me into solving this really strange thing (don't know if it is a bug or not) I have a samba4 server and want to use postfix+dovecot - dovecot version is 2.0.11 as for the postfix side everything is OK (all the LDAP lookups works without any error, tested also manually with postmap -q) the real pain is with dovecot deliver: it seems that sometimes lda tries to lookup to the LDPA (samba 4) server, got a reply, an then report(after 2 minutes) a lookup timeout error the really strange thing is that (very seldom) lda works, but most of the times I got the timeout error. The strange thing is that if I use ldapsearch I never got timeout neither late replies, and even postfix performs its lookups without any issue it seems something related to lda itself (I do not know if I have a wrong configuration, but I think this is not a configuration issue, otherwise it should not work at all) here are the information logged when it does not work - after this log you will find the one when I got the failure (if needed I can provide a .pcap file too) (trailing and leading spaces of AT charcater has been added by me) ## FAULTY DELIVER LOG # Feb 20 12:20:50 sng02 postfix/smtpd[8928]: connect from localhost[127.0.0.1] Feb 20 12:21:14 sng02 postfix/smtpd[8928]: A38D4407F5: client=localhost[127.0.0.1] Feb 20 12:21:20 sng02 postfix/cleanup[8891]: A38D4407F5: warning: header Subject: prova from localhost[127.0.0.1]; from=marco @ senderdomain.tld to=mac @ mydomain.com proto=SMTP helo=senderdomain.tld Feb 20 12:21:20 sng02 postfix/cleanup[8891]: A38D4407F5: message-id=20130220112114.A38D4407F5 @ srv01.mydomain.local Feb 20 12:21:20 sng02 postfix/qmgr[8889]: A38D4407F5: from=marco @ senderdomain.tld, size=371, nrcpt=1 (queue active) Feb 20 12:21:20 sng02 dovecot: lda: Debug: Loading modules from directory: /usr/lib64/dovecot Feb 20 12:21:20 sng02 dovecot: lda: Debug: Module loaded: /usr/lib64/dovecot/lib10_quota_plugin.so Feb 20 12:21:20 sng02 dovecot: lda: Debug: Module loaded: /usr/lib64/dovecot/lib20_expire_plugin.so Feb 20 12:21:20 sng02 dovecot: lda: Debug: Module loaded: /usr/lib64/dovecot/lib90_sieve_plugin.so Feb 20 12:21:20 sng02 dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Feb 20 12:21:20 sng02 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so Feb 20 12:21:20 sng02 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_mysql.so Feb 20 12:21:20 sng02 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_pgsql.so Feb 20 12:21:20 sng02 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so Feb 20 12:21:20 sng02 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_bind Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_simple_bind Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_sasl_bind Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_send_initial_request Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_new_connection 1 1 0 Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_int_open_connection Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_connect_to_host: TCP localhost:389 Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_new_socket: 16 Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_prepare_socket: 16 Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_connect_to_host: Trying ::1 389 Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_pvt_connect: fd: 16 tm: -1 async: 0 Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_open_defconn: successful Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_send_server_request Feb 20 12:21:20 sng02 dovecot: auth: Debug: master in: USER#0111#011marco.carcano#011service=lda Feb 20 12:21:20 sng02 dovecot: auth: Debug: password(marco.carcano): passdb doesn't support credential lookups Feb 20 12:21:20 sng02 dovecot: auth: Error: static(marco.carcano): passdb doesn't support lookups, can't verify user's existence Feb 20 12:21:20 sng02 dovecot: auth: Debug: ldap(marco.carcano): user search: base=DC=mydomain,DC=local scope=subtree filter=(sAMAccountname=marco.carcano) fields=Mailbox,dovecotMailQuota Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_result ld 0x6cba60 msgid -1 Feb 20 12:21:20 sng02 dovecot: auth: Error: wait4msg ld 0x6cba60 msgid -1 (timeout 0 usec) Feb 20 12:21:20 sng02 dovecot: auth: Error: wait4msg continue ld 0x6cba60 msgid -1 all 0 Feb 20 12:21:20 sng02 dovecot: auth: Error: ** ld 0x6cba60 Connections: Feb 20 12:21:20 sng02 dovecot: auth: Error: * host: localhost port: 389 (default) Feb 20 12:21:20 sng02 dovecot: auth: Error: refcnt: 2 status: Connected Feb 20 12:21:20 sng02 dovecot: auth: Error: last used: Wed Feb 20 12:21:20 2013 Feb 20 12:21:20 sng02 dovecot: auth: Error: Feb 20 12:21:20 sng02 dovecot
Re: [Dovecot] Dovecot LDA LDAP lookups on samba4 server ends very often in timeouts
just to complete the informations of this thread, here is the log of a mail delivered succesfully (trailing and leading spaces of AT charcater has been added by me) ## MAIL SUCCEFFULLY DELIVERED LOG # Feb 19 17:41:01 sng02 postfix/smtpd[4006]: connect from localhost[127.0.0.1] Feb 19 17:41:28 sng02 postfix/smtpd[4006]: 95659407F5: client=localhost[127.0.0.1] Feb 19 17:41:36 sng02 postfix/cleanup[4011]: 95659407F5: warning: header Subject: prova from localhost[127.0.0.1]; from=marco @ senderdomain.tld to=mac @ mydomain.com proto=SMTP helo=senderdomain.tld Feb 19 17:41:36 sng02 postfix/cleanup[4011]: 95659407F5: message-id=20130219164128.95659407F5 @ srv01.mydomain.local Feb 19 17:41:36 sng02 postfix/qmgr[3992]: 95659407F5: from=marco @ senderdomain.tld, size=371, nrcpt=1 (queue active) Feb 19 17:41:36 sng02 dovecot: lda: Debug: Loading modules from directory: /usr/lib64/dovecot Feb 19 17:41:36 sng02 dovecot: lda: Debug: Module loaded: /usr/lib64/dovecot/lib10_quota_plugin.so Feb 19 17:41:36 sng02 dovecot: lda: Debug: Module loaded: /usr/lib64/dovecot/lib20_expire_plugin.so Feb 19 17:41:36 sng02 dovecot: lda: Debug: Module loaded: /usr/lib64/dovecot/lib90_sieve_plugin.so Feb 19 17:41:36 sng02 dovecot: auth: Debug: master in: USER#0111#011marco.carcano#011service=lda Feb 19 17:41:36 sng02 dovecot: auth: Debug: password(marco.carcano): passdb doesn't support credential lookups Feb 19 17:41:36 sng02 dovecot: auth: Error: static(marco.carcano): passdb doesn't support lookups, can't verify user's existence Feb 19 17:41:36 sng02 dovecot: auth: Debug: ldap(marco.carcano): user search: base=DC=mydomain,DC=local scope=subtree filter=(sAMAccountname=marco.carcano) fields=Mailbox,dovecotMailQuota Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap(marco.carcano): Connection appears to be hanging, reconnecting Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_unbind Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_free_request (origid 2, msgid 3) Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_free_request (origid 2, msgid 2) Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_free_connection 1 1 Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_send_unbind Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_free_connection: actually freed Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_free_connection 1 1 Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_send_unbind Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_free_connection: actually freed Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_create Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_bind Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_simple_bind Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_sasl_bind Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_send_initial_request Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_new_connection 1 1 0 Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_int_open_connection Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_connect_to_host: TCP localhost:389 Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_new_socket: 16 Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_prepare_socket: 16 Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_connect_to_host: Trying ::1 389 Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_pvt_connect: fd: 16 tm: -1 async: 0 Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_open_defconn: successful Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_send_server_request Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_result ld 0x666a60 msgid -1 Feb 19 17:41:36 sng02 dovecot: auth: Error: wait4msg ld 0x666a60 msgid -1 (timeout 0 usec) Feb 19 17:41:36 sng02 dovecot: auth: Error: wait4msg continue ld 0x666a60 msgid -1 all 0 Feb 19 17:41:36 sng02 dovecot: auth: Error: ** ld 0x666a60 Connections: Feb 19 17:41:36 sng02 dovecot: auth: Error: * host: localhost port: 389 (default) Feb 19 17:41:36 sng02 dovecot: auth: Error: refcnt: 2 status: Connected Feb 19 17:41:36 sng02 dovecot: auth: Error: last used: Tue Feb 19 17:41:36 2013 Feb 19 17:41:36 sng02 dovecot: auth: Error: Feb 19 17:41:36 sng02 dovecot: auth: Error: Feb 19 17:41:36 sng02 dovecot: auth: Error: ** ld 0x666a60 Outstanding Requests: Feb 19 17:41:36 sng02 dovecot: auth: Error: * msgid 1, origid 1, status InProgress Feb 19 17:41:36 sng02 dovecot: auth: Error:outstanding referrals 0, parent count 0 Feb 19 17:41:36 sng02 dovecot: auth: Error: ld 0x666a60 request count 1 (abandoned 0) Feb 19 17:41:36 sng02 dovecot: auth: Error: ** ld 0x666a60 Response Queue: Feb 19 17:41:36 sng02 dovecot: auth: Error:Empty Feb 19 17:41:36 sng02 dovecot: auth: Error: ld 0x666a60 response count 0 Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_chkResponseList ld 0x666a60 msgid -1 all 0 Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_chkResponseList returns ld 0x666a60 NULL Feb 19 17:41:36 sng02 dovecot: auth: Error
Re: [Dovecot] statistics on proxy ???
On 2013-02-18 15:15, Timo Sirainen wrote: Nope, sorry. Dovecot proxy is very dummy and can't provide any but the most basic statistics, like number of connections, which you can get another way. are you talking about 'doveadm proxy list' or I'm missing something ??? Marco -- --- |Marco Giunta - SISSA Computer Staff| |Via Bonomea, 265 | |34136 - Trieste, Italy | |Tel: +39-40-3787-503 | |Fax: +39-040-3787-244 | |e-mail: marco.giunta AT sissa.it | ---
[Dovecot] statistics on proxy ???
Hi at all,
could I have imap statistics on my dovecot proxy server ??
Here my config:
# 2.1.13: /etc/dovecot/dovecot.conf
...
mail_plugins = stats
...
plugin {
...
stats_refresh = 30 secs
stats_track_cmds = yes
}
...
service stats {
fifo_listener stats-mail {
mode = 0666
}
}
...
protocol imap {
...
mail_plugins = stats imap_stats
}
File '/var/run/dovecot/stats' is always 0 byte:
# ls -la /var/run/dovecot/stats
srw---. 1 root root 0 Feb 18 14:24 /var/run/dovecot/stats
and 'dovecotadm' say always:
# doveadm stats dump session
doveadm(root): Info: no statistics available
Is there something wrong in my config, or stats are not available on
proxy ???
Cheers,
Marco
Re: [Dovecot] dovecot 2.1.13, proxy and nologin extras field
On 2013-01-24 09:07, Thomas Leuxner wrote: It needs to be either 'nologin=y' notice the y passed or 'allow_nets='. The problem is that even if I configure 'pass_attrs' to return always 'nologin=y' : pass_attrs = uid=user,userPassword=password,\ =userdb_home=/var/spool/mail/%1u/%u,uidNumber=userdb_uid,gidNumber=userdb_gid,\ =proxy=y,=host=imap.sissa.it,\ =nologin=y,=reason=Reason users are allowed to login: Jan 23 09:16:33 localhost dovecot: auth: Debug: client passdb out: OK#0111#011user=prova#011proxy#011host=imap.example.it#011nologin#011hostip=192.168.11.136#011pass=password It is something wrong in my 'pass_attrs' ??? Marco
Re: [Dovecot] dovecot 2.1.13, proxy and nologin extras field
On 2013-01-24 11:59, Timo Sirainen wrote: On Wed, 2013-01-23 at 13:44 +0100, Marco Giunta wrote: Hi at all, in our test environment, I'm playing with dovecot 2.1.13 configured as imap/pop/managesieve proxy. It is configured to authenticate users with ldap and it works very well. Now, I'd like to temporary disable some users's login, because we are moving to another storage, and I wouldn't stop imap service at all. I've found on Dovecot wiki that I could use 'nologin' extra field, but I wasn't been able to get it work. My dovecot configuration is: nologin field doesn't work with proxying. You'd have to return neither proxy nor host field. With host+nologin it would be treated as a login referral: http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Host Of course it would be possible to add yet another check where proxy+host +nologin returned would be treated in yet another way, but that gets too confusing.. I guess it was a mistake to use nologin for login referrals in the first place. And I guess just about no one uses them anyway. So them, so it would be possible to change this behavior.. Ok, thank you for the explanation. In this case, I'll use a 'deny' passdb or a different ldap filter ... Cheers, Marco -- --- |Marco Giunta - SISSA Computer Staff| |Via Bonomea, 265 | |34136 - Trieste, Italy | |Tel: +39-40-3787-503 | |Fax: +39-040-3787-244 | |e-mail: marco.giunta AT sissa.it | ---
[Dovecot] dovecot 2.1.13, proxy and nologin extras field
: /usr/lib64/dovecot/auth
Jan 22 18:28:32 localhost dovecot: auth: Debug: Module loaded:
/usr/lib64/dovecot/auth/libauthdb_ldap.so
Jan 22 18:28:32 localhost dovecot: auth: Debug: auth client connected
(pid=3178)
Jan 22 18:28:32 localhost dovecot: auth: Debug: client in:
AUTH#0111#011PLAIN#011service=imap#011lip=192.168.129.109#011rip=192.168.44.31#
011lport=143#011rport=53218
Jan 22 18:28:32 localhost dovecot: auth: Debug: client out: CONT#0111#011
Jan 22 18:28:32 localhost dovecot: auth: Debug: client in:
CONT#0111#011AHByb3ZhZm0AY2hlcGFsbGU=
Jan 22 18:28:32 localhost dovecot: auth: Debug:
ldap(prova,192.168.44.31): pass search: base=ou=People,dc=example,dc=it
scope=subtree filt
er=((objectClass=qmailUser)(uid=prova)(accountStatus=active))
fields=uid,userPassword,uidNumber,gidNumber
Jan 22 18:28:32 localhost dovecot: auth: Debug:
auth(prova,192.168.44.31): allow_nets: Matching for network 127.0.0.0/8
Jan 22 18:28:32 localhost dovecot: auth: passdb(prova,192.168.44.31):
allow_nets check failed: IP not in allowed networks
Jan 22 18:28:32 localhost dovecot: auth: Debug:
ldap(prova,192.168.44.31): result: uid=prova uidNumber=2944
gidNumber=650 userPassword={MD5}BjbsTtSovGGs1csswBTI7Q==
Jan 22 18:28:34 localhost dovecot: auth: Debug: client out:
FAIL#0111#011user=prova
I don't understand what is wrong with my configuration with 'nologin'.
Do someone have any clue ??
Cheers,
Marco
[Dovecot] problems with quota and clients
Hi, I had configured dovecot in a pretty standard way and had it working
nicely enough with maildir quotas (no tests done apart for reaching the
quota and looking at mails coming back). Still I wanted to have the
quota and the actual quota usage displayed in postfixadmin (3.5) but I
think I messed with something. Now I can connect to the mailbox, send
mail, receive mail, see the quota usage in postfixadmin but:
* thunderbird: can create a subfolder if i do so by hand from the
client. But if I try sending a mail i get a [TRYCREATE] mailbox error as
it seems that thunderbird can't create the Sent box anymore by its own;
* thunderbird: when i delete mail, it goes in the trash folder. I try
then to delete it from there. In thunderbird indeed I see no mail
anymore but the quota level remain the same. Then I try to browser the
mail directory and... yep, all the messages are still there! How come?
This is the output of dovecot -n and the relevant sql configuration :
# 2.0.19: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-33-generic i686 Ubuntu 12.04.1 LTS ext4
auth_mechanisms = plain login
auth_realms = y.it aaa.com x.it
auth_verbose_passwords = plain
debug_log_path = syslog
dict {
quotadict = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
sqlquota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
first_valid_uid = 150
info_log_path = /var/log/syslog
last_valid_uid = 150
listen = *
mail_debug = yes
mail_gid = mail
mail_location = maildir:/var/vmail/%d/%u
mail_plugins = quota
mail_uid = vmail
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
plugin {
mail_log_events = delete undelete expunge copy mailbox_delete
mailbox_rename
mail_log_fields = uid box msgid size
quota = dict:User quota::proxy::sqlquota
quota_rule = *:storage=50M
quota_rule2 = Trash:storage=+10M
}
postmaster_address = x...@y.it
protocols = imap pop3
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
}
unix_listener auth-userdb {
group = mail
mode = 0600
user = vmail
}
}
service dict {
unix_listener dict {
group = mail
mode = 0660
user = vmail
}
}
ssl_cert = /etc/ssl/certs/dovecot.pem
ssl_key = /etc/ssl/private/dovecot.pem
userdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
protocol lda {
mail_plugins = quota
}
protocol imap {
mail_plugins = quota imap_quota
}
protocol pop3 {
mail_plugins = quota
}
grep -v '^ *\(#.*\)\?$' dovecot-dict-sql.conf.ext
connect = host=127.0.0.1 dbname=mail user=mail password=xxx
map {
pattern = priv/quota/storage
table = quota2
username_field = username
value_field = bytes
}
map {
pattern = priv/quota/messages
table = quota2
username_field = username
value_field = messages
}
grep -v '^ *\(#.*\)\?$' dovecot-sql.conf.ext
driver = mysql
connect = host=localhost dbname=mail user=mail password=xxx
default_pass_scheme = MD5-CRYPT
password_query = \
SELECT username as user, password, '/var/vmail/%d/%u' as userdb_home, \
'maildir:/var/vmail/%d/%u' as userdb_mail, 150 as userdb_uid, 8 as
userdb_gid \
FROM mailbox WHERE username = '%u' AND active = '1'
user_query = \
SELECT '/var/vmail/%d/%u' as home, 'maildir:/var/vmail/%d/%u' as mail, \
150 AS uid, 8 AS gid, CONCAT('*:storage=',ROUND(mailbox.quota /
1024)) AS quota_rule \
FROM mailbox WHERE username = '%u' AND active = '1'
iterate_query = SELECT username AS user FROM mailbox
--
--
Questo messaggio è di carattere riservato ed è indirizzato esclusivamente al
destinatario specificato. L'accesso, la divulgazione, la copia o la diffusione
sono vietate a chiunque altro ai sensi delle normative vigenti, e possono
costituire una violazione penale. Nel caso abbiate ricevuto questo messaggio
per errore siete tenuti a cancellarlo immediatamente confermando al mittente, a
mezzo e-mail, l'avvenuta cancellazione. (Legge Italiana 196/2003).
Re: [Dovecot] multiple users to same e-mail account with ldap authentication
2012/11/13 Robert Schetterer r...@sys4.de: Am 13.11.2012 14:56, schrieb Marco Gatti: 2012/11/13 Robert Schetterer r...@sys4.de: Am 13.11.2012 11:35, schrieb Marco Gatti: Hi, I was looking for a particular case of dovecot configuration I cannot find anywhere. Is there a way dovecot can authenticate via ldap different windows 2008 AD users that have access to the same e-mail account (like user authorization in ms exchange)? For example I want to extend AD schema to let users have 10 email accounts (with multiple domain support). If they are private accounts I think there is no problem at all. But if I want two or more users to access the same mail account what happens? Can I do it with dovecot? Or should I create AD groups and add members to that, to let user access the same mail account? Cheers there may more ways to goal this, for short looking one, way is described here http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm using ldap might be better look i.e http://blog.al-shami.net/2008/05/freebsd-postfix-dovecot-and-active-directory/ http://www.howtoforge.com/postfix-dovecot-authentication-against-active-directory-on-centos-5.x for ideas Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Joerg Heidrich Thank you Robert for the quick reply. I'm aware of the links you sent me, however they don't give me a clue if what I was asking may me done. I'll try to give more details. I have to build a multiple domain mail server with the use of windows AD authentication. I've managed to add some extra filed in the AD schema like this: mail1: accou...@example1.com box1: /example1.com/account1/ enabled1: TRUE quota1: 100 mail2: accou...@example2.com box2: /example2.com/account2/ enabled2: TRUE quota2: 100 There could be 10 or 50 of them for each AD user. If I use NTLM or PAM authentication (after joining the AD) I have to use AD usernames to login with dovecot and I don't know how then to deal with different email addresses configured per user. If I use LDAP lookup I have to use the email address as username but then if different AD users have to access the same email account how dovecot can manage it??? For example the LDAP configuration for user and password lookup may be something like this: user_attrs = sAMAccountName=mail=maildir:/var/mail/%d/%n,=uid=102,=gid=10050 user_filter = ((objectClass=person)(|((mail1=%u)(enabled1=TRUE)) ((mail2=%u)(enabled2=TRUE pass_attrs = userPassword=password pass_filter = ((objectClass=person)(|((mail1=%u)(enabled1=TRUE)) ((mail2=%u)(enabled2=TRUE I think I may be missing something important in how dovecot works, but cannot find any documentation about it. Regards hm thats complex, however i would not recommand trying change exchange/active dir schemas however the only reason i can think of for what you want is using dovecot as proxy? so what about this ? http://wiki2.dovecot.org/HowTo/ImapcProxy http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy http://wiki2.dovecot.org/Director Hmm I don't know honestly. I'll give it a try. -- Marco
Re: [Dovecot] multiple users to same e-mail account with ldap authentication
2012/11/13 Ben Morrow b...@morrow.me.uk: At 2PM +0100 on 13/11/12 you (Marco Gatti) wrote: 2012/11/13 Robert Schetterer r...@sys4.de: Am 13.11.2012 11:35, schrieb Marco Gatti: Hi, I was looking for a particular case of dovecot configuration I cannot find anywhere. Is there a way dovecot can authenticate via ldap different windows 2008 AD users that have access to the same e-mail account (like user authorization in ms exchange)? For example I want to extend AD schema to let users have 10 email accounts (with multiple domain support). If they are private accounts I think there is no problem at all. But if I want two or more users to access the same mail account what happens? Can I do it with dovecot? Or should I create AD groups and add members to that, to let user access the same mail account? snip I'll try to give more details. I have to build a multiple domain mail server with the use of windows AD authentication. I've managed to add some extra filed in the AD schema like this: mail1: accou...@example1.com box1: /example1.com/account1/ enabled1: TRUE quota1: 100 mail2: accou...@example2.com box2: /example2.com/account2/ enabled2: TRUE quota2: 100 This isn't a good schema to use for this. The mail1, mail2 c attributes represent the same property of different addresses, so they should be the same attribute on different objects. I don't know much about AD's LDAP server, is it straightforward to create brand new objectclasses? If I were doing this in an ordinary LDAP server I might create a class of objects which looked like mailboxAddr: accou...@example1.com mailboxLocation: /example1/account1 mailboxEnabled: TRUE mailboxQuota: 100 with mailboxAddr as the RDN, and then give each user a multi-valued mailbox attribute with the addresses that user has access to. You mean multi-valued mailboxAddr, mailboxLocation, and so on? How can I extract a single one and be sure it's correct? There could be 10 or 50 of them for each AD user. If I use NTLM or PAM authentication (after joining the AD) I have to use AD usernames to login with dovecot and I don't know how then to deal with different email addresses configured per user. If I use LDAP lookup I have to use the email address as username but then if different AD users have to access the same email account how dovecot can manage it??? If you want the user to be able to log in and see just one address at a time you have to have the user tell dovecot which user and which address they want when they log in. Since (usually) the only fields you have are 'user' and 'password', they will need to stuff both components into the user field somehow; perhaps by logging on with a user name of u...@domain.ad!accou...@example.com You would then need (probably) to write a checkpassword userdb script to split this into username and account name, verify the user is authorized for the account, look up the mailbox location using the account name, and pass the username back to be checked against the password. So, it could be done, but it would be messy and users would get it wrong all the time. Since users don't configure mail clients on their own it could be a solution! Alternatively, you could have the user log in with their ordinary AD account name, and then present them with *all* the email accounts they have access to, as separate (trees of) folders. You can do this with a post-login script which sets up a namespace for each account: see the example at the bottom of http://wiki2.dovecot.org/PostLoginScripting for something vaguely similar. You would need to use Net::LDAP (or some equivalent in some other language) to look up the user's accounts in the AD, and then create the relevant environment variables. (I'm not sure what to do about INBOX in a setup like this: I don't think you're allowed to *not* have an INBOX. Probably each user should have one 'canonical' private account, which contains their IMAP INBOX. If you didn't want to do this I expect you could set up a default namespace which is read-only, with just an empty INBOX in it.) If you want to try this, and you're having trouble getting the scripting right, I'd be happy to help you through it if you can post enough information about the LDAP schema you eventually decide on. Ben All accounts in a tree sounds bad since users won't clearly understand which is which. Thank you Ben! -- Marco
Re: [Dovecot] multiple users to same e-mail account with ldap authentication
2012/11/13 Willie Gillespie wgillespie+dove...@es2eng.com: On 11/13/2012 03:35 AM, Marco Gatti wrote: Is there a way dovecot can authenticate via ldap different windows 2008 AD users that have access to the same e-mail account (like user authorization in ms exchange)? Symlinks on the Dovecot maildirs? You'd have to read up on the caveats of that: http://wiki.dovecot.org/SharedMailboxes/Symlinks I would like to keep the configuration of new accounts on the Windows AD only and not to deal with links every time. But the problem I have is at authentication time: avoiding the matched multiple objects or a general authentication failure. Cheers -- Marco
[Dovecot] multiple users to same e-mail account with ldap authentication
Hi, I was looking for a particular case of dovecot configuration I cannot find anywhere. Is there a way dovecot can authenticate via ldap different windows 2008 AD users that have access to the same e-mail account (like user authorization in ms exchange)? For example I want to extend AD schema to let users have 10 email accounts (with multiple domain support). If they are private accounts I think there is no problem at all. But if I want two or more users to access the same mail account what happens? Can I do it with dovecot? Or should I create AD groups and add members to that, to let user access the same mail account? Cheers -- Marco
Re: [Dovecot] multiple users to same e-mail account with ldap authentication
2012/11/13 Robert Schetterer r...@sys4.de: Am 13.11.2012 11:35, schrieb Marco Gatti: Hi, I was looking for a particular case of dovecot configuration I cannot find anywhere. Is there a way dovecot can authenticate via ldap different windows 2008 AD users that have access to the same e-mail account (like user authorization in ms exchange)? For example I want to extend AD schema to let users have 10 email accounts (with multiple domain support). If they are private accounts I think there is no problem at all. But if I want two or more users to access the same mail account what happens? Can I do it with dovecot? Or should I create AD groups and add members to that, to let user access the same mail account? Cheers there may more ways to goal this, for short looking one, way is described here http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm using ldap might be better look i.e http://blog.al-shami.net/2008/05/freebsd-postfix-dovecot-and-active-directory/ http://www.howtoforge.com/postfix-dovecot-authentication-against-active-directory-on-centos-5.x for ideas Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Joerg Heidrich Thank you Robert for the quick reply. I'm aware of the links you sent me, however they don't give me a clue if what I was asking may me done. I'll try to give more details. I have to build a multiple domain mail server with the use of windows AD authentication. I've managed to add some extra filed in the AD schema like this: mail1: accou...@example1.com box1: /example1.com/account1/ enabled1: TRUE quota1: 100 mail2: accou...@example2.com box2: /example2.com/account2/ enabled2: TRUE quota2: 100 There could be 10 or 50 of them for each AD user. If I use NTLM or PAM authentication (after joining the AD) I have to use AD usernames to login with dovecot and I don't know how then to deal with different email addresses configured per user. If I use LDAP lookup I have to use the email address as username but then if different AD users have to access the same email account how dovecot can manage it??? For example the LDAP configuration for user and password lookup may be something like this: user_attrs = sAMAccountName=mail=maildir:/var/mail/%d/%n,=uid=102,=gid=10050 user_filter = ((objectClass=person)(|((mail1=%u)(enabled1=TRUE)) ((mail2=%u)(enabled2=TRUE pass_attrs = userPassword=password pass_filter = ((objectClass=person)(|((mail1=%u)(enabled1=TRUE)) ((mail2=%u)(enabled2=TRUE I think I may be missing something important in how dovecot works, but cannot find any documentation about it. Regards -- Marco
[Dovecot] No ports listening
Please forgive my newbie post but this has me stumped. I've been a happy
Dovecot 0.X and 1.X admin for years but something in my first 2.X
configuration is oddly broken. It loads fine, logs no errors, but
doesn't listen to any network ports! Thanks in advance for any help.
Marco
# 2.0.19: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.35.14 x86_64 Ubuntu 10.10 ext4
auth_debug = yes
auth_mechanisms = plain login
first_valid_gid = 111
first_valid_uid = 111
login_greeting = example.com pop/imap ready
mail_location = mbox:/var/mail/%u.imap:INBOX=/var/mail/%u
passdb {
args = scheme=CRYPT username_format=%u /etc/dovecot/users
driver = passwd-file
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
unix_listener auth-master {
mode = 0666
}
}
service imap-login {
inet_listener imap {
address = *
port = 143
}
inet_listener imaps {
address = *
port = 993
}
process_limit = 50
}
service pop3-login {
inet_listener pop3 {
address = *
port = 110
}
inet_listener pop3s {
address = *
port = 995
}
process_limit = 50
}
ssl_cert = /etc/ssl/mail.example.com.crt
ssl_key = /etc/ssl/mail.example.com.key
syslog_facility = local0
userdb {
args = username_format=%u /etc/dovecot/users
driver = passwd-file
}
valid_chroot_dirs = /var/mail
verbose_proctitle = yes
verbose_ssl = yes
protocol lda {
postmaster_address = postmas...@example.com
}
Re: [Dovecot] Mail lost - maybe a bug???
Hello Timo of course we have entries: grep 'pop3.*mmanzoni.*del=0.*' deliver.log* |grep Dec 12 deliver.log.2:Dec 12 13:13:19 srv001 dovecot: pop3(mmanzoni): Disconnected: Logged out top=0/0, retr=23/2025701, del=0/3920, size=700800292 deliver.log.2:Dec 12 13:46:02 srv001 dovecot: pop3(mmanzoni): Disconnected: Logged out top=0/0, retr=1/475746, del=0/3921, size=701276018 deliver.log.2:Dec 12 14:58:08 srv001 dovecot: pop3(mmanzoni): Disconnected: Logged out top=0/0, retr=8/911587, del=0/3929, size=702187446 deliver.log.2:Dec 12 14:58:09 srv001 dovecot: pop3(mmanzoni): Disconnected: Logged out top=0/0, retr=0/0, del=0/3929, size=702187446 deliver.log.2:Dec 12 15:55:24 srv001 dovecot: pop3(mmanzoni): Disconnected: Logged out top=0/0, retr=1/936418, del=0/3930, size=703123844 deliver.log.2:Dec 12 16:40:59 srv001 dovecot: pop3(mmanzoni): Disconnected: Logged out top=0/0, retr=1/421415, del=0/3931, size=703545240 deliver.log.2:Dec 12 16:43:23 srv001 dovecot: pop3(mmanzoni): Disconnected: Logged out top=0/0, retr=0/0, del=0/3931, size=703545240 deliver.log.2:Dec 12 17:37:21 srv001 dovecot: pop3(mmanzoni): Disconnected: Logged out top=0/0, retr=0/0, del=0/3931, size=703545240 deliver.log.2:Dec 12 17:44:38 srv001 dovecot: pop3(mmanzoni): Disconnected: Logged out top=0/0, retr=0/0, del=0/3931, size=703545240 deliver.log.2:Dec 12 18:14:29 srv001 dovecot: pop3(mmanzoni): Disconnected: Logged out top=0/0, retr=0/0, del=0/3931, size=703545240 deliver.log.2:Dec 12 18:17:50 srv001 dovecot: pop3(mmanzoni): Disconnected: Logged out top=0/0, retr=0/0, del=0/3931, size=703545240 Also what kind of tools are ever accessing mails? Is it just Dovecot LDA + IMAP + POP3? No doveadm or any external tools? yes, only LDA + IMAP + POP3, no external tools I hope you have some ideas Kind regards Marco carcano
Re: [Dovecot] Mail lost - maybe a bug???
not received the message - I tried also grepping for the object in the maildir, but haven't been able to get it what do you think about this? I really do not know where this issue can be - the only componet I suppose could have some kind of problem is in the LDA phase, but I'm just supposing do you want to give a look to my config files? If so, which one could be interesting to post? kind regards Marco Carcano Il giorno 17/nov/11, alle ore 18:34, Timo Sirainen ha scritto: On 17.11.2011, at 18.47, Marco Carcano wrote: Oct 27 11:20:34 srv001 dovecot: lda(user3): msgid=e9447410-51fe-45ff-b624-197840b9a...@usstlz-pinfez02.emrsn.org : saved mail to INBOX If Dovecot logs this, then the message definitely was saved to INBOX. it is exactly what I told to my colleagues, but belive me, sometime some mail get lost - Most likely reason for this is that the user's client deletes the message. Possibly an automatic client side filter or some UI issue that causes user to accidentally delete a mail. The mail_log plugin's logging would have showed if this was the case. I suspect however that could be mine misconfiguration somewhere, so that lda sometimes write the email not in the right place, but elsewhere, and just write the phrase saved mail to INBOX in the logs (however I'm wondering why sometimes?!?) I can't think of any reason why it would randomly write to a wrong place. I tried to find the missed email in the Maildir, but have not been able to get it - the commands used are cd /home/mailboxstore/theuser/Maildir grep 629222 */* |grep RE: grep 629222 .Drafts/* |grep RE: grep 629222 .Drafts/*/* |grep RE: grep 629222 .Junk/* |grep RE: grep 629222 .Posta\ eliminata/* |grep RE: grep 629222 .Posta\ indesiderata/* |grep RE: grep 629222 .Posta\ inviata/* |grep RE: grep 629222 .Sent/* |grep RE: grep 629222 .Templates/* |grep RE: grep 629222 .Trash/* |grep RE: Only the grep 629222 .Drafts/*/* |grep RE: was grepping from mail files. Easier would be just: grep -r RE:.*629222 . I really think is some kind of misconfiguration of mine, may you help me, please? Just tell me what pieces of config to show (just not to flood the whole config) I doubt this is related to configuration. But you could enable http://wiki2.dovecot.org/Plugins/Lazyexpunge so that messages won't be lost if they are expunged. The next time a message is lost, you would most likely find it from the lazy-expunge namespace. (Then you could write a script that deletes e.g. 1 week old files nightly.)
Re: [Dovecot] Mail lost - maybe a bug???
Hello Timo
and thanks again for the ultra quick reply!
Enabling mail_log plugin and/or lazy_expunge plugin would have helped
more (both mentioned in my previous mail).
Sorry - I thought I have enabled it, but maybe I did something wrong
with the configuration and it was not enabled:
here is what I did in order to enable mail_log:
syslog_facility = local5
mail_debug = yes
plugin {
# Events to log. Also available: flag_change append
mail_log_events = delete undelete expunge copy mailbox_delete
mailbox_rename
# Group events within a transaction to one line.
#mail_log_group_events = no
# Available fields: uid, box, msgid, from, subject, size, vsize,
flags
# size and vsize are available only for expunge and copy events.
#mail_log_fields = uid box msgid size
}
There's really nothing in the LDA log that could explain why the
message
gets lost. It most likely was successfully delivered by LDA, but got
deleted afterwards for some reason.
You mean that this user's mails are never supposed to be deleted via
POP3? Verify that with:
yes, you got it - it is never supposed only because we are debugging ;O)
grep 'pop3.*mmanzoni.*del=[^0]' /var/log/dovecot.log
or wherever those POP3 disconnection messages are logged, i.e. you
should find lots of messages with:
grep 'pop3.*mmanzoni.*del=0' /var/log/dovecot.log
OK, tried the following - I have varoius log files
grep 'pop3.*mmanzoni.*del=[^0]' deliver.log*
and got nothing
grep 'pop3.*criva.*del=[^0]' deliver.log*
and got
deliver.log.1:Dec 15 12:26:16 srv001 dovecot: pop3(criva):
Disconnected: Logged out top=0/0, retr=1/8147, del=1613/1613,
size=619997598
deliver.log.1:Dec 15 12:27:39 srv001 dovecot: pop3(criva):
Disconnected: Logged out top=0/0, retr=200/50212479, del=200/200,
size=50208702
deliver.log.1:Dec 15 12:29:08 srv001 dovecot: pop3(criva):
Disconnected: Logged out top=0/0, retr=600/203527129, del=600/600,
size=203515938
deliver.log.1:Dec 15 12:30:49 srv001 dovecot: pop3(criva):
Disconnected: Logged out top=0/0, retr=1000/310592896, del=1000/1000,
size=310574037
deliver.log.1:Dec 15 12:31:10 srv001 dovecot: pop3(criva):
Disconnected: Logged out top=0/0, retr=399/44426198, del=399/399,
size=44418942
deliver.log.2:Dec 15 00:11:09 srv001 dovecot: pop3(criva):
Disconnected: Logged out top=0/0, retr=10530/1684049964,
del=10530/10530, size=1683854308
so yes, I'm pretty sure that mmanzoni never deletes messages
belive to me - usually I try to solve problems myself without
disturbing anyone else, but this time is really hard and I do not know
if I could face it alone
I hope you can help
kind regards
Marco Carcano
Re: [Dovecot] Mail lost - maybe a bug???
/0.05, dsn=2.0.0, status=sent (delivered via dovecot service) Nov 12 08:48:06 srv001 postfix/pipe[1445]: 244774E4AA2: to=user2@ourdomain.local , relay=dovecot, delay=0.08, delays=0.01/0.01/0/0.06, dsn=2.0.0, status=sent (delivered via dovecot service) Nov 12 08:48:06 srv001 dovecot: lda(theuser): msgid=899eab831ea7414f994704db43677a140450e...@npicmail.npic.com.sa : saved mail to INBOX Nov 12 08:48:06 srv001 postfix/pipe[1447]: 244774E4AA2: to=theuser@ourdomain.local , relay=dovecot, delay=0.09, delays=0.01/0.01/0/0.07, dsn=2.0.0, status=sent (delivered via dovecot service) Nov 12 08:48:06 srv001 dovecot: lda(user4): msgid=899eab831ea7414f994704db43677a140450e...@npicmail.npic.com.sa : saved mail to INBOX Nov 12 08:48:06 srv001 postfix/pipe[1450]: 244774E4AA2: to=user4@ourdomain.local , relay=dovecot, delay=0.26, delays=0.01/0.02/0/0.23, dsn=2.0.0, status=sent (delivered via dovecot service) Nov 12 08:48:06 srv001 postfix/qmgr[4876]: 244774E4AA2: removed Nov 12 08:48:08 srv001 postfix/smtpd[1430]: disconnect from mail.tasnee.com[62.3.52.58] as you can see again, the mail seems delivered, but is not I really think is some kind of misconfiguration of mine, may you help me, please? Just tell me what pieces of config to show (just not to flood the whole config) thank you Marco Carcano
Re: [Dovecot] Mail lost - maybe a bug???
Hello Timo and Urban, and thank you for the very quick reply I have already thought about these things: I have already disabled mailbox deletion from POP3 clients, that actually just leave the messages on the server however, this time noone of the 4 recipients got the email - so it is really strange that all che clients deleted the same message and left all the others we can notice this only a few days after the issue, because customers send us a reminder forwarding the lost mail Il giorno 17/nov/11, alle ore 18:34, Timo Sirainen ha scritto: On 17.11.2011, at 18.47, Marco Carcano wrote: Oct 27 11:20:34 srv001 dovecot: lda(user3): msgid=e9447410-51fe-45ff-b624-197840b9a...@usstlz-pinfez02.emrsn.org : saved mail to INBOX If Dovecot logs this, then the message definitely was saved to INBOX. it is exactly what I told to my colleagues, but belive me, sometime some mail get lost - Most likely reason for this is that the user's client deletes the message. Possibly an automatic client side filter or some UI issue that causes user to accidentally delete a mail. The mail_log plugin's logging would have showed if this was the case. I suspect however that could be mine misconfiguration somewhere, so that lda sometimes write the email not in the right place, but elsewhere, and just write the phrase saved mail to INBOX in the logs (however I'm wondering why sometimes?!?) I can't think of any reason why it would randomly write to a wrong place. maybe something related to LDAP lookups? what can happen if for some reason the LDAP server does not reply to the lookup? Timo, belive to me, I use dovecot since 3 years, and I am one of the thousands of happy user, I really can't explain what is happening on this server I'll do this trial: I'll enable lda debug logging ont a file on a USB hard disk - in order to know where exactly messages are stored, and enable also maillog too I'll keep you informed on what I'll find - maybe it will take some days, as I told it happens quite seldom thank you I tried to find the missed email in the Maildir, but have not been able to get it - the commands used are cd /home/mailboxstore/theuser/Maildir grep 629222 */* |grep RE: grep 629222 .Drafts/* |grep RE: grep 629222 .Drafts/*/* |grep RE: grep 629222 .Junk/* |grep RE: grep 629222 .Posta\ eliminata/* |grep RE: grep 629222 .Posta\ indesiderata/* |grep RE: grep 629222 .Posta\ inviata/* |grep RE: grep 629222 .Sent/* |grep RE: grep 629222 .Templates/* |grep RE: grep 629222 .Trash/* |grep RE: Only the grep 629222 .Drafts/*/* |grep RE: was grepping from mail files. Easier would be just: grep -r RE:.*629222 . I really think is some kind of misconfiguration of mine, may you help me, please? Just tell me what pieces of config to show (just not to flood the whole config) I doubt this is related to configuration. But you could enable http://wiki2.dovecot.org/Plugins/Lazyexpunge so that messages won't be lost if they are expunged. The next time a message is lost, you would most likely find it from the lazy-expunge namespace. (Then you could write a script that deletes e.g. 1 week old files nightly.)
[Dovecot] Mail lost - maybe a bug???
kind of bug in the maildrop version I use? by the way, I had this issue also before installing amavisd-new now some infos: CentOS 5.3 postfix-2.3.3-2.1.el5_2 amavisd-new-2.6.6-1.el5.rf dovecot-2.0.11-1_126 dovecot-managesieve-0.2.2-15 dovecot-pigeonhole-0.2.2-15 users are on a Kerberized OpenLDAP please help me because this is really driving me crazy - don't leave me alone, please Marco Carcano
Re: [Dovecot] dovecot user
Timo Sirainen ha scritto: On Fri, 2010-03-26 at 20:01 +1000, Noel Butler wrote: dovehole - you go inside dovecot via a hole, right? That is downright pornographic. dovehole - lovehole? dovenest isn't totally horrible (close), but dovehole is ... just not right at all. dovetail +1 Tail just doesn't make much sense to me. Also it's not completely free of pornographic associations either. :) So my last idea: doveless. It's less of a dovecot process. To me it seems closer to perfect as anything I've seen so far. I don't remember if 'dove-nil', 'dovenil' or 'dovenull' were suggested by anyone. If not please consider them. Kind regards, Marco -- - |Marco Nenciarini| Debian/GNU Linux Developer - Plug Member | | mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia | - Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4 signature.asc Description: OpenPGP digital signature
Re: [Dovecot] Debian Unstable Packages
Sabahattin Gucukoglu ha scritto: Hi all, Speaking of Debian, what relative position are the Debian Unstable (Sid) packages in to the latest Bleeding edge builds of RCS-based releases from the Wiki? If using Unstable is it recommended to stay or use the newer ones? I'd say it was production, yes, but I'm forgiving of problems in the latest releases, so long as they aren't meant to be beta (i.e., known breakages). In the next few days a preliminary 2.0 package will be uploaded to experimental. We (the Debian Dovecot Maintainers) plan to avoid uploading the 2.0 package to unstable until it is released stable and has at least one bug-fix release. Kind regards, Marco -- - |Marco Nenciarini| Debian/GNU Linux Developer - Plug Member | | mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia | - Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4 signature.asc Description: OpenPGP digital signature
Re: [Dovecot] Bug#570764: dovecot-common: sieve should allow Return-path header for address test
package dovecot-common
forward 570764 dovecot@dovecot.org
thanks
Martin Schwenke ha scritto:
Package: dovecot-common
Version: 1:1.2.10-1
Severity: normal
I attempt to compile the following sieve script...
mart...@bilbo:~/tmp$ cat test.sieve
if address :is Return-path owner-cip...@inka.de {
keep;
}
[Yes, it is useless - a minimal example to illustrate the bug. :-) ]
... and I get the following error:
mart...@bilbo:~/tmp$ sievec test.sieve
test: line 1: error: specified header 'Return-path' is not allowed for the
address test.
test: error: validation failed.
Error: failed to compile sieve script 'test.sieve'
This test is included in an example in the Dovecot sieve documentation at:
http://wiki.dovecot.org/LDA/Sieve#Mail_filtering_by_various_headers
That seems to suggest that it should work!
peace happiness,
martin
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (990, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages dovecot-common depends on:
ii adduser3.112 add and remove users and groups
ii libbz2-1.0 1.0.5-4 high-quality block-sorting file
co
ii libc6 2.10.2-2 GNU C Library: Shared libraries
ii libcomerr2 1.41.9-1 common error description library
ii libdb4.8 4.8.26-1 Berkeley v4.8 Database Libraries
[
ii libgssapi-krb5-2 1.8+dfsg~alpha1-5 MIT Kerberos runtime libraries -
k
ii libk5crypto3 1.8+dfsg~alpha1-5 MIT Kerberos runtime libraries -
C
ii libkrb5-3 1.8+dfsg~alpha1-5 MIT Kerberos runtime libraries
ii libldap-2.4-2 2.4.17-2.1OpenLDAP libraries
ii libmysqlclient16 5.1.41-3 MySQL database client library
ii libpam-runtime 1.1.1-1 Runtime support for the PAM
librar
ii libpam0g 1.1.1-1 Pluggable Authentication Modules
l
ii libpq5 8.4.2-2 PostgreSQL C client library
ii libsqlite3-0 3.6.22-1 SQLite 3 shared library
ii libssl0.9.80.9.8k-8 SSL shared libraries
ii openssl0.9.8k-8 Secure Socket Layer (SSL) binary
a
ii ucf3.0025Update Configuration File:
preserv
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
dovecot-common recommends no packages.
Versions of packages dovecot-common suggests:
ii ntp 1:4.2.4p8+dfsg-1 Network Time Protocol daemon and
u
-- no debconf information
This bug happen with latest version of sieve patches applied on dovecot
1.2.10.
Regards,
Marco
--
-
|Marco Nenciarini| Debian/GNU Linux Developer - Plug Member |
| mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia |
-
Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4
signature.asc
Description: OpenPGP digital signature
Re: [Dovecot] Bug#564633: dovecot bug: Next message unexpectedly corrupted in mbox file
Justin Piszcz ha scritto: Package: dovecot-imapd Version: 1.2.9-1 Distribution: Debian Testing x86_64 Problem: See below. .. Looking further I found this (which is when the problem began to appear in the logs): First time: Jan 2 09:33:25 l1 dovecot: IMAP(user): Next message unexpectedly corrupted in mbox file /home/user/Mailbox at 10599 Due to: 2010-01-02 05:00:29 configure dovecot-common 1:1.2.9-1 1:1.2.9-1 2010-01-02 05:00:29 status unpacked dovecot-common 1:1.2.9-1 2010-01-02 05:00:29 status unpacked dovecot-common 1:1.2.9-1 2010-01-02 05:00:29 status unpacked dovecot-common 1:1.2.9-1 2010-01-02 05:00:29 status unpacked dovecot-common 1:1.2.9-1 2010-01-02 05:00:29 status unpacked dovecot-common 1:1.2.9-1 2010-01-02 05:00:29 status unpacked dovecot-common 1:1.2.9-1 2010-01-02 05:00:29 status half-configured dovecot-common 1:1.2.9-1 2010-01-02 05:00:31 status installed dovecot-common 1:1.2.9-1 2010-01-02 05:00:38 configure dovecot-imapd 1:1.2.9-1 1:1.2.9-1 2010-01-02 05:00:38 status unpacked dovecot-imapd 1:1.2.9-1 2010-01-02 05:00:38 status half-configured dovecot-imapd 1:1.2.9-1 2010-01-02 05:00:38 status installed dovecot-imapd 1:1.2.9-1 During an apt-get dist-upgrade.. Did dovecot 1.2.9 include this patch: http://www.dovecot.org/list/dovecot-cvs/2009-December/015177.html So now one sees the message, whereas before, no message was shown? Nothing to be concerned about? Justin. On Fri, 8 Jan 2010, Justin Piszcz wrote: Hi, t I am seeing this on one of my servers: Jan 8 10:08:58 l1 dovecot: IMuser(user): Next message unexpectedly corrupted in mbox file /home/user/Mailbox at 10558 I have never seen this before, and google yields no results except when this warning was added to the source code here: http://www.dovecot.org/list/dovecot-cvs/2009-December/015177.html The user has deleted all of the mail in the Mailbox but the problem persists. Any ideas? Justin. Hi Justin, Does the problem persist? Does it cause glitches for the user? Does it cause some corruptions or it's just a line in your log? Is it reproducible? I think it is some kind of corruption of the mailbox, but I found weird it persists after the deletion of all email. May be you should expunge deleted messages from the mailbox. Kind regards, Marco -- - |Marco Nenciarini| Debian/GNU Linux Developer - Plug Member | | mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia | - Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4 signature.asc Description: OpenPGP digital signature
Re: [Dovecot] sieve script
Stephan Bosch ha scritto:
Lampa wrote:
2010-01-29T19:52:15.876551+01:00 hermes dovecot:
deliver(u...@domain.tld): sieve: main_script: line 6: number of
redirect actions exceeds policy limit
2010-01-29T19:52:15.881478+01:00 hermes dovecot:
deliver(centrumrea...@remax-czech.cz): sieve: execution of script
/home/mail/domain.tld/user/.dovecot.sieve failed, but implicit keep
was successful
plugin {
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
sieve_max_redirects = 20
sieve_global_path = /home/mail/.dovecot.global.sieve
sieve_global_dir = /home/mail/sieve
}
using dovecot 1.2.9 on debain
This feature is first included in Pigeonhole Sieve 0.1.14. You need
debian package version 1:1.2.9-2, which is not yet in testing or
backports.
I've already built the backport to stable. I'll upload it as soon the
package will enter in testing. Meantime, if you want, you can download
it (for i386 and amd64) from my private repository[1]
Kind regards,
Marco
[1] http://www.prato.linux.it/~mnencia/debian/dovecot-lenny/
--
-
|Marco Nenciarini| Debian/GNU Linux Developer - Plug Member |
| mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia |
-
Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4
signature.asc
Description: OpenPGP digital signature
Re: [Dovecot] md5_verify(...): Not a valid MD5-CRYPT or PLAIN-MD5 password
BaQs ha scritto:
I can't add {DES} to DES passwords, as this database
is used with many other softwares.
I'm not a MySQL expert, but you could add it to query using CONCAT() and
IF() functions, or you could define a custom view to the user table.
Regards,
Marco
--
-
|Marco Nenciarini| Debian/GNU Linux Developer - Plug Member |
| mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia |
-
Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4
signature.asc
Description: OpenPGP digital signature
[Dovecot] Build fix on HURD
I've made two little patches to allow dovecot to be compiled on GNU/Hurd.
Could you review them?
Kind regards,
Marco Nenciarini
--
-
|Marco Nenciarini| Debian/GNU Linux Developer - Plug Member |
| mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia |
-
Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4
# HG changeset patch
# User Marco Nenciarini mnen...@prato.linux.it
# Date 1260984874 -3600
# Branch HEAD
# Node ID b7276a3006d847d39cd5b39ac2197a47191181e5
# Parent 9c99f15829faf182d2e4c343994a004e85cbd2c2
Fix build on HURD (PATH_MAX not defined)
diff --git a/src/lib/compat.h b/src/lib/compat.h
--- a/src/lib/compat.h
+++ b/src/lib/compat.h
@@ -254,3 +254,10 @@
((errno) == EEXIST || (errno) == ENOTEMPTY || (errno) == EBUSY)
#endif
+
+/* PATH_MAX is only defined if the system actually have such fixed limit */
+/* see http://www.gnu.org/software/hurd/community/gsoc/project_ideas/maxpath.html */
+/* and http://insanecoding.blogspot.com/2007/11/pathmax-simply-isnt.html */
+#ifndef PATH_MAX
+# define PATH_MAX 1024
+#endif
# HG changeset patch
# User Marco Nenciarini mnen...@prato.linux.it
# Date 1260984992 -3600
# Branch HEAD
# Node ID cf920078addcd4a9b163b25796cb00bbfc67bd26
# Parent b7276a3006d847d39cd5b39ac2197a47191181e5
Fix build on HURD (SA_SIGINFO not available)
diff --git a/src/lib/ioloop-notify-dn.c b/src/lib/ioloop-notify-dn.c
--- a/src/lib/ioloop-notify-dn.c
+++ b/src/lib/ioloop-notify-dn.c
@@ -191,9 +191,15 @@
/* SIGIO is sent if queue gets full. we'll just ignore it. */
signal(SIGIO, SIG_IGN);
+#ifdef SA_SIGINFO
act.sa_sigaction = sigrt_handler;
sigemptyset(act.sa_mask);
act.sa_flags = SA_SIGINFO | SA_RESTART | SA_NODEFER;
+#else
+ act.sa_handler = sigrt_handler;
+ sigemptyset(act.sa_mask);
+ act.sa_flags = SA_RESTART | SA_NODEFER;
+#endif
if (sigaction(SIGRTMIN, act, NULL) 0) {
if (errno == EINVAL) {
diff --git a/src/lib/lib-signals.c b/src/lib/lib-signals.c
--- a/src/lib/lib-signals.c
+++ b/src/lib/lib-signals.c
@@ -75,12 +75,17 @@
return t_strdup_printf(unknown %d, sicode);
}
+#ifdef SA_SIGINFO
static void sig_handler(int signo, siginfo_t *si, void *context ATTR_UNUSED)
+#else
+static void sig_handler(int signo)
+#endif
{
struct signal_handler *h;
char c = 0;
-#ifdef SI_NOINFO
+#ifdef SA_SIGINFO
+# ifdef SI_NOINFO
siginfo_t tmp_si;
if (si == NULL) {
@@ -90,6 +95,14 @@
tmp_si.si_code = SI_NOINFO;
si = tmp_si;
}
+# endif
+#else
+ siginfo_t *si;
+ siginfo_t tmp_si;
+
+ memset(tmp_si, 0, sizeof(tmp_si));
+ tmp_si.si_signo = signo;
+ si = tmp_si;
#endif
if (signo 0 || signo MAX_SIGNAL_VALUE)
@@ -115,8 +128,12 @@
}
}
+#ifdef SA_SIGINFO
static void sig_ignore(int signo ATTR_UNUSED, siginfo_t *si ATTR_UNUSED,
void *context ATTR_UNUSED)
+#else
+static void sig_ignore(int signo ATTR_UNUSED)
+#endif
{
/* if we used SIG_IGN instead of this function,
the system call might be restarted */
@@ -173,8 +190,13 @@
if (sigemptyset(act.sa_mask) 0)
i_fatal(sigemptyset(): %m);
+#ifdef SA_SIGINFO
act.sa_flags = SA_SIGINFO;
act.sa_sigaction = ignore ? sig_ignore : sig_handler;
+#else
+ act.sa_flags = 0;
+ act.sa_handler = ignore ? sig_ignore : sig_handler;
+#endif
if (sigaction(signo, act, NULL) 0)
i_fatal(sigaction(%d): %m, signo);
}
@@ -235,8 +257,13 @@
act.sa_flags = SA_RESTART;
act.sa_handler = SIG_IGN;
} else {
+#ifdef SA_SIGINFO
act.sa_flags = SA_SIGINFO;
act.sa_sigaction = sig_ignore;
+#else
+ act.sa_flags = 0;
+ act.sa_handler = sig_ignore;
+#endif
}
if (sigaction(signo, act, NULL) 0)
signature.asc
Description: OpenPGP digital signature
[Dovecot] FTBFS with binutils-gold
As reported in debian bug #554306 [1] dovecot fails to build with GNU binutils-gold or setting LDFLAGS=-Wl,--no-add-needed http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=554306 The problem is that liblber isn't explicitly declared as a dependence when dovecot is compiled with ldap support. The attached patch fixes this little error. Regards, Marco -- - |Marco Nenciarini| Debian/GNU Linux Developer - Plug Member | | mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia | - Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4 Index: dovecot-1.2.8/configure.in === --- dovecot-1.2.8.orig/configure.in 2009-11-27 13:38:40.508216120 +0100 +++ dovecot-1.2.8/configure.in 2009-11-27 13:55:23.623513021 +0100 @@ -1897,7 +1897,7 @@ AC_CHECK_LIB(ldap, ldap_start_tls_s, [ AC_DEFINE(LDAP_HAVE_START_TLS_S,, Define if you have ldap_start_tls_s) ]) - LDAP_LIBS=-lldap + LDAP_LIBS=-lldap -llber AC_SUBST(LDAP_LIBS) if test $want_ldap != plugin; then AUTH_LIBS=$AUTH_LIBS $LDAP_LIBS
Re: [Dovecot] 1.2.7: recs[i]-uid rec- uid
Brandon Davidson ha scritto: For the record, the old epoll_ctl issue was resolved by the patch that reordered the fd closes. We ran 1.2.6 with that patch for quite a while and it didn't reoccur once. I can confirm that the epoll_ctl bug was resolved. Kind Regards, Marco -- - |Marco Nenciarini| Debian/GNU Linux Developer - Plug Member | | mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia | - Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4
Re: [Dovecot] pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5):
Brandon Davidson ha scritto: Hi Marco, Let's see what Timo has to say about that log file bit. Since it seems to happen to you fairly frequently, it might be worth enabling core dumps as well? You are right. I've just rebuilt my package with -g -O0 and enabled core dumps. Marco -- - |Marco Nenciarini| Debian/GNU Linux Developer - Plug Member | | mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia | - Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4
Re: [Dovecot] pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5):
This morning it happened another time, another time during the daily cron execution. Oct 22 06:26:57 server dovecot: pop3-login: Panic: Leaked file fd 5: dev 0.12 inode 1005 Oct 22 06:26:57 server dovecot: dovecot: Temporary failure in creating login processes, slowing down for now Oct 22 06:26:57 server dovecot: dovecot: child 21311 (login) killed with signal 6 (core dumps disabled) I have dovecot 1.2.6 with Timo's patch to check leaked descriptors. Marco -- - |Marco Nenciarini| Debian/GNU Linux Developer - Plug Member | | mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia | - Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4
Re: [Dovecot] pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5):
Timo Sirainen ha scritto: On Thu, 2009-10-22 at 11:44 +0200, Marco Nenciarini wrote: This morning it happened another time, another time during the daily cron execution. Oct 22 06:26:57 server dovecot: pop3-login: Panic: Leaked file fd 5: dev 0.12 inode 1005 Can you apply the attached patch and see what it logs the next time it happens? I've applied the patch (with a little modification because i use managesieve) At this moment on all my systems I have a 1.2.6+2debug_patches and core dumps are enabled. Marco -- - |Marco Nenciarini| Debian/GNU Linux Developer - Plug Member | | mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia | - Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4
Re: [Dovecot] pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5):
Timo Sirainen ha scritto: That's the pty's fd I think, probably from dovecot --exec-mail because normally dovecot master process closes them at startup.. Did you check if two dovecot processes were running when this happened? This morning the problem showed again. This is what I was able to discover: 1) There was only one master process. 2) Imap and managesieve login and worker processes were working normally. 3) There was no pop3/pop3-login. After the last time I've modified my root crontab to execute the expire-tool every minute, trying to trigger the problem in another time of the day, but the first failure is Oct 6 06:26:02 delta01 dovecot: imap-login: Panic: Leaked file fd 5: dev 0.12 inode 1005 Oct 6 06:26:02 delta01 dovecot: dovecot: Temporary failure in creating login processes, slowing down for now Oct 6 06:26:02 delta01 dovecot: dovecot: child 21216 (login) killed with signal 6 (core dumps disabled) As you can see this time is the login process of an imap connection, so I can state that the problem is not related to pop3 and nor to expire plugin. Probably the imap connections that I see were there before the problem was triggered. So the only remaining thing in daily log rotation that can be the trigger of the problem is the heavy cpu/io load due to daily maintenance. The last weird thing is that this time I have simply asked dovecot to reload its configuration and the problem is vanished. I hope this is enough to figure out what was happened. Marco -- - |Marco Nenciarini| Debian/GNU Linux Developer - Plug Member | | mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia | - Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4
Re: [Dovecot] pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5):
Marco Nenciarini ha scritto: 2) Imap and managesieve login and worker processes were working normally. I only see this mistake now: the above statement is false, because the subsequent log show an imap-login failure. Sorry for this. Marco -- - |Marco Nenciarini| Debian/GNU Linux Developer - Plug Member | | mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia | - Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4
Re: [Dovecot] pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5):
Timo Sirainen ha scritto: On Wed, 2009-09-30 at 10:16 +0200, Marco Nenciarini wrote: Sep 30 06:26:15 server dovecot: pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5): Operation not permitted There is no additional information from Timo's patch, Oh, annoying. There was a bug in the function it used, this fixes it: http://hg.dovecot.org/dovecot-1.2/rev/401e023c8c29 [snip] The only thing related I can think of is http://hg.dovecot.org/dovecot-1.2/rev/0f04c7da33f1 - did you have that patch applied? Although I couldn't reproduce the problem even with that reverted. Another day, another failure, now with both patches applied. Oct 1 06:26:14 server dovecot: pop3-login: Panic: Leaked file fd 5: dev 0.12 inode 1005 Oct 1 06:26:14 server dovecot: dovecot: Temporary failure in creating login processes, slowing down for now Oct 1 06:26:14 server dovecot: dovecot: child 17609 (login) killed with signal 6 (core dumps disabled) Please note that the time is the same of previous days (just after daily cron execution) Regards, Marco -- - |Marco Nenciarini| Debian/GNU Linux Developer - Plug Member | | mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia | - Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4
Re: [Dovecot] pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5):
Timo Sirainen ha scritto: On Tue, 2009-09-22 at 20:23 -0700, Mark Sapiro wrote: Sep 22 19:07:15 sbh16 dovecot: pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5): Operation not permitted Has this happened to you again? Do you run expire-tool or some other dovecot --exec-mail command? Or was there anything else run in cron just before the first of the above errors happened? No, it hasn't happened again. The only errors I found in my logs is like the following one Oct 1 09:20:29 delta01 dovecot: pop3-login: Disconnected (no auth attempts): rip=213.136.170.137, lip=10.68.1.31 Oct 1 09:20:29 delta01 dovecot: pop3-login: Panic: Leaked file fd 5: dev 0.12 inode 1005 Oct 1 09:20:29 delta01 dovecot: dovecot: Temporary failure in creating login processes, slowing down for now Oct 1 09:20:29 delta01 dovecot: pop3-login: Disconnected (no auth attempts): rip=62.94.181.36, lip=10.68.1.31 Oct 1 09:20:29 delta01 dovecot: dovecot: child 12936 (login) killed with signal 6 (core dumps disabled) The only dovecot-related command run by cron daily is expire-tool I've checked the list of running processes but there is only one /usr/sbin/dovecot running with its children Marco -- - |Marco Nenciarini| Debian/GNU Linux Developer - Plug Member | | mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia | - Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4
Re: [Dovecot] pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5):
Timo Sirainen ha scritto:
On Sep 23, 2009, at 11:27 AM, Timo Sirainen wrote:
On Sep 23, 2009, at 11:17 AM, Marco Nenciarini wrote:
First failure is:
Sep 23 06:26:14 server dovecot: pop3-login: Fatal:
io_loop_handle_add: epoll_ctl(1, 5): Operation not permitted
That's really the first one, and there's no kind of an error from
dovecot master process? This sounds like wrong fd is being passed to
pop3-login, but why it's being done only randomly I can't really think
of..
It could be useful to know what the fd actually is. See what it logs
with the attached patch?
The problem happened again.
Sep 30 06:26:15 server dovecot: pop3-login: Fatal: io_loop_handle_add:
epoll_ctl(1, 5): Operation not permitted
There is no additional information from Timo's patch, but if you compare
it with the last one you can see a weird match on both time and weekday:
Sep 23 06:26:14 server dovecot: pop3-login: Fatal: io_loop_handle_add:
epoll_ctl(1, 5): Operation not permitted
After some investigation I've found that the daily cron scripts are
executed every day at 6:25 and the only thing related to dovecot in
/etc/cron.daily is the call to expire plugin
-
server:~# cat /etc/cron.dailyclean-expired-messages
#!/bin/sh
dovecot --exec-mail ext /usr/lib/dovecot/expire-tool.sh
server:~# cat /usr/lib/dovecot/expire-tool.sh
#!/bin/bash
MAIL_PLUGINS=${MAIL_PLUGINS//imap_quota/}
MAIL_PLUGINS=${MAIL_PLUGINS//mail_log/}
exec ${0%.sh} $@
-
Moreover my expire plugin configuration is
expire: Trash 7 Trash/* 7 Cestino 7 Cestino/* 7 Junk 30 Spam 30
so the weekly periodicity can be explained with something happened in a
Trash mailbox.
My configuration is
-
# 1.2.5: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.26-2-xen-amd64 x86_64 Debian 5.0.3
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imap imaps pop3 pop3s managesieve
ssl_cert_file: /etc/ssl/certs/delta01.pem
ssl_key_file: /etc/ssl/private/delta01.key
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
login_executable(managesieve): /usr/lib/dovecot/managesieve-login
first_valid_uid: 2000
last_valid_uid: 2000
first_valid_gid: 2000
last_valid_gid: 2000
mail_privileged_group: mail
mail_location: maildir:~/Maildir
mbox_write_locks: fcntl dotlock
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_executable(managesieve): /usr/lib/dovecot/managesieve
mail_plugins(default): quota imap_quota expire trash
mail_plugins(imap): quota imap_quota expire trash
mail_plugins(pop3): quota expire
mail_plugins(managesieve):
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve
imap_client_workarounds(default): delay-newmail
imap_client_workarounds(imap): delay-newmail
imap_client_workarounds(pop3):
imap_client_workarounds(managesieve):
pop3_save_uidl(default): no
pop3_save_uidl(imap): no
pop3_save_uidl(pop3): yes
pop3_save_uidl(managesieve): no
pop3_uidl_format(default): %08Xu%08Xv
pop3_uidl_format(imap): %08Xu%08Xv
pop3_uidl_format(pop3): %f
pop3_uidl_format(managesieve): %08Xu%08Xv
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
pop3_client_workarounds(managesieve):
namespace:
type: private
separator: .
inbox: yes
list: yes
subscriptions: yes
namespace:
type: private
separator: .
prefix: INBOX.
hidden: yes
list: no
subscriptions: yes
lda:
postmaster_address: postmas...@xcon.it
mail_plugins: quota sieve expire
auth_socket_path: /var/run/dovecot/auth-master
auth default:
mechanisms: plain login
passdb:
driver: sql
args: /etc/dovecot/dovecot-sql.conf
userdb:
driver: prefetch
userdb:
driver: sql
args: /etc/dovecot/dovecot-sql.conf
socket:
type: listen
client:
path: /var/spool/postfix/private/auth
mode: 432
user: postfix
group: postfix
master:
path: /var/run/dovecot/auth-master
mode: 384
user: vmail
group: vmail
plugin:
quota: dict:user::proxy::quota
quota2: dict:domain:%d:proxy::quota_domain
trash: /etc/dovecot/dovecot-trash.conf
expire: Trash 7 Trash/* 7 Cestino 7 Cestino/* 7 Junk 30 Spam 30
expire_dict: proxy::expire
sieve: ~/.dovecot.sieve
sieve_dir: ~/sieve
dict:
quota: pgsql:/etc/dovecot/dovecot-dict-quota.conf
quota_domain: pgsql:/etc/dovecot/dovecot-dict-quota-domain.conf
expire: pgsql:/etc/dovecot/dovecot-dict-expire.conf
