Re: Maildir to Mdbox and folder structure after the conversion
Il giovedì 10 giugno 2021, 13:12:09 CEST, Josef 'Jeff' Sipek ha scritto: If I'm understanding you correctly, it looks like you have a different mail_location set on the two servers. In one case it appears to have a mail// sort of format, and on the other... well, I have no idea but it looks like it is only mail/ or something similarly incorrect :) Exactly, the different structure seems to be due to a different configuration of the mail servers. In the end, having no experience with Dovecot and its migration utilities, I found it much easier to use Imapsync.
Re: Maildir to Mdbox and folder structure after the conversion
Il mercoledì 9 giugno 2021, 13:37:51 CEST, Aki Tuomi ha scritto: Maildir and mdbox have different directory structure. You cannot get them to be identical. Aki Yes I know, but the directory structure of the two pastebin links are both in Mdbox format ! What can be the cause of the different directory structure: a different version of Mdbox format or a different server configuration ?
Maildir to Mdbox and folder structure after the conversion
Using the dsync command I've converted a Dovecot mail folder from Maildir to Mdbox format. (see https://dovecot.org/pipermail/dovecot/2021-June/122304.html) The folder resulting from the conversion (see https://pastebin.com/6U4CDTQi ), however, has a completely different directory structure from the one used by the destination server where it will be transferred (see https://pastebin.com/nMEvqmqp ) What do I have to do to make the folder obtained after the conversion have a directory structure identical to the one used by the destination server ? Thank You.
Correct procedure to convert Maildir format to Mdbox
Hi, I need to migrate mail from a shared hosting that stores mail in the Maildir format to another one that uses the Mdbox format. Both hosts use Dovecot, though I don't know what version, because neither has Dovecot command line/ssh utilities available. So I installed Debian 10.9 + Dovecot-imapd (ver.2.3.4.1 stable), then in "/etc/dovecot/conf.d/10-mail.conf" I changed "mail_location = mbox:~/mail:INBOX=/var/mail/%u" to "mail_location = mdbox:~/mdbox" and "#separator =" to "separator = /" . I moved the contents of the folder containing the mail in Maildir format to ~/Maildir/ and then I ran "dsync -v -u user mirror maildir:~/Maildir/". The only users on the system are root and a limited priviledges user, but on the Debian server I didn't recreate any mail account/user that existed on the source server. The conversion command is executed without showing errors: the resulting ~/mdbox folder has a size of 370 MB while the ~/Maildir/ folder was 456 MB. I would like to know if the procedure I followed is correct and if the absence of errors when the command is executed means that the conversion was successful, or if I need to do some other test/check to make sure the whole conversion process is ok. Thank you.
Re: connection closes every 10 minutes
Hi, I honestly don't know if the old modem had an integrated router, and I have already disposed of it. What I am sure of is that I had NOT changed anything in its settings for many months, if not years, and everything was working without problems until a few weeks ago, when I posted here. Marco Il giorno mar 27 apr 2021 alle ore 23:49 Joseph Tam ha scritto: > > On Mon, 26 Apr 2021, Marco Fioretti wrote: > > > 3) a few days ago I received a new modem from my ISP, as part of their > > network upgrade operations > > > > 4) more or less in the same moment the problem I reported here > > disappeared. Now mutt stays connected even 24 hours without losing > > connection. > > > > I am NOT 100% sure that the problem disappeared AFTER the change of > > modem. That happened during a few chaotic days, both work- and > > family-wise, so I did not take notes. And modems may have nothing to > > do at all with the disconnections. But now the problem is not there > > anymore, I have no clue what may have happened, and if anybody can > > guess... thanks in advance. > > Does this modem also have an integrated router? These units tend to > act as NAT gateways/firewalls that keep track of "active" sessions by > tracking external/interface NAT address mappings. Cheap or older one > could have TTL on these entries i.e. if no traffic is detected within > a time window, it is discarded, and appearing as if the endpoints had > disconnected. I guess it could also happen if the state tracking > tables has limited memory and your internal network is busy, like a family > member opening up a P2P application. > > Just a hypothesis. > > >> Apr 12 16:12:49 SERVERNAME dovecot: imap(ACCOUNTNAME): Logged out in=164 > >> out=757 > > However, my hypothesis wouldn't produce this. This is a active > logout. > > Joseph Tam
Re: connection closes every 10 minutes
update on this: to make a long story short 1) I did run mutt with debug enabled , but could not recognize anything useful 2) I had the same problem with mutt from my laptop 3) a few days ago I received a new modem from my ISP, as part of their network upgrade operations 4) more or less in the same moment the problem I reported here disappeared. Now mutt stays connected even 24 hours without losing connection. I am NOT 100% sure that the problem disappeared AFTER the change of modem. That happened during a few chaotic days, both work- and family-wise, so I did not take notes. And modems may have nothing to do at all with the disconnections. But now the problem is not there anymore, I have no clue what may have happened, and if anybody can guess... thanks in advance. Il giorno lun 12 apr 2021 alle ore 16:47 Marco Fioretti ha scritto: > > Greetings, > > I use mutt on Ubuntu to access my IMAP mailboxes, on my Centos email > server that runs dovecot. Everything has worked without problems for > years. About one week ago, the connection between mutt and dovecot > became unstable. > > Before, I could leave mutt connected for days in a row, no problem. > Now, everything still works fine, except... I get every ten minutes I > get "connection timed out" in Mutt's status line, and hundreds of > messages like > > Apr 12 16:12:49 SERVERNAME dovecot: imap(ACCOUNTNAME): Logged out in=164 > out=757 > > what puzzles me is that I did not touch anything both on my server and > on my desktop, except an "apt-get update" some days before this > started. > > But cannot see how it would be related anyway, nor have I found > anything online like this. > > Any help to understand what happened and fix it is very welcome. > > Marco
connection closed every ten minutes
Greetings, I use mutt on Ubuntu to access my IMAP mailboxes, on my Centos email server that runs dovecot. Everything has worked without problems for years. About one week ago, the connection between mutt and dovecot became unstable. Before, I could leave mutt connected for days in a row, no problem. Now, everything still works fine, except... I get every ten minutes I get "connection timed out" in Mutt's status line, and hundreds of messages like Apr 12 16:12:49 SERVERNAME dovecot: imap(ACCOUNTNAME): Logged out in=164 out=757 what puzzles me is that I did not touch anything both on my server and on my desktop, except an "apt-get update" some days before this started. But cannot see how it would be related anyway, nor have I found anything online like this. Any help to understand what happened and fix it is very welcome. Marco
connection closes every 10 minutes
Greetings, I use mutt on Ubuntu to access my IMAP mailboxes, on my Centos email server that runs dovecot. Everything has worked without problems for years. About one week ago, the connection between mutt and dovecot became unstable. Before, I could leave mutt connected for days in a row, no problem. Now, everything still works fine, except... I get every ten minutes I get "connection timed out" in Mutt's status line, and hundreds of messages like Apr 12 16:12:49 SERVERNAME dovecot: imap(ACCOUNTNAME): Logged out in=164 out=757 what puzzles me is that I did not touch anything both on my server and on my desktop, except an "apt-get update" some days before this started. But cannot see how it would be related anyway, nor have I found anything online like this. Any help to understand what happened and fix it is very welcome. Marco
dovecot user id and mail folder permissions, was "no shared cipher"
Greetings, I thought it may be better to start a separate thread now that the cipher problem is solved. Background: I have had to recreate from scratch, and without notice, a working server to a new VPS, with different versions of dovecot and other software. Now I am having problems with accessing the imap folders from home. Now I have postfix/procmail successfully delivering email to the right IMAP folders. Problem is, postfix/procmail run as user mail_manager, group mail_management, and the permissions on those folders are currently all set to 755. The consequence is that dovecot, running as user "dovecot", extra group mail_management, cannot modify those folders and their indexes. What is the best/safest configuration in these cases? 1) run dovecot too as user "mail_manager"? (if yes, how, with dovecot 2.2.36?) 2) recursively change permissions of ALL the mail folders and files to 775? 3) both 1) and 2) ? 4) other (e.g. certain permissions for folders, others for specific files? Thanks in advance for any advice! Marco
Re: "no shared cypher", no matter what I try
The problem is solved, thanks to Aki. I was missing the "include" directive in dovecot.conf, because it was not needed in the dovecot version I was using previously. Now I have a related question, and... another problem :-) The question: what is a safer/more sensible value for ssl_cipher_list than the current "ALL"? The problem: now that I can login, a permission/ownership problem came out. In the old server, the mailboxes were owned by user mail_manager, group mail_management In the new server I recreated those users, copied the mailboxes as they were. Postfix / procmail are using that userid, and can write successfully to the mailboxes. Dovecot, instead, cannot. Even if I added the dovecot user to the mail_management group, it keeps generating plenty of errors like this Dec 11 12:34:13 SERVERNAME dovecot: imap(USERNAME): Error: file_dotlock_create(/var/mail/mymail_storage/base/.archive.2018.12/dovecot-uidlist) failed: Permission denied (euid=5000() egid=5000(mail_management) missing +w perm: /var/mail/mymail_storage/base/.archive.2018.12, dir owned by 1001:5000 mode=0755) of course it cannot create the log file because the owner is the mail_manager user (euid 5000) so the question is: what is the good/best practice now? Make dovecot run as user mail_manager? And if yes, how? Or should I change the permissions of all the mailboxes and mail files with chmod -r 775 ? Thanks, Marco
Re: "no shared cypher", no matter what I try
Hello Aki, maybe I misunderstood you, but both adding an "ssl = yes" line to this section of dovecot.conf, and commenting out the whole "four lines starting at "inet_listener imaps" do not have any effect : service imap-login { inet_listener imap { port = 0 } inet_listener imaps { port = 993 ssl = yes } } this is the error I still get after restarting dovecot, and trying again to connect with mutt: ogin: Debug: SSL: where=0x10, ret=1: before/accept initialization [my.home.ip.address] Dec 11 11:06:47 SERVERNAME dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [my.home.ip.address] Dec 11 11:06:47 SERVERNAME dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A [my.home.ip.address] Dec 11 11:06:47 SERVERNAME dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=552: fatal handshake failure [my.home.ip.address] Dec 11 11:06:47 SERVERNAME dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: error [my.home.ip.address] Dec 11 11:06:47 SERVERNAME dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: error [my.home.ip.address] Dec 11 11:06:47 SERVERNAME dovecot: imap-login: Debug: SSL error: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher Dec 11 11:06:47 SERVERNAME dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=my.home.ip.address, lip=server.ip.address, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher, session= Dec 11 11:06:47 SERVERNAME dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Dec 11 11:06:47 SERVERNAME dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so Dec 11 11:06:47 SERVERNAME dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so Dec 11 11:06:47 SERVERNAME dovecot: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat Dec 11 11:06:47 SERVERNAME dovecot: auth: Debug: passwd-file /etc/imap.v_users: Read 1 users Il giorno mar 11 dic 2018 alle ore 11:01 Aki Tuomi ha scritto: > > Hi! > > You have misconfigured service imap-login, remove the 993 listener > config (it's there by default) or add ssl = yes to it. > > Aki > > On 11.12.2018 11.58, Marco Fioretti wrote: > > hello, and some update > > short version: the error is still there, but I have some more data to > > share, thanks in advance for further advice > > > > first, I am using Mutt 1.10.1 (2018-07-13) as mail client, so it is > > not an obsolete version. > > second... at the moment I can send email through postfix on the same > > server, with the > > same certificates (almost: I still have to fix some stuff, but is NOT > > related to SSL/TLS, e.g > > reverse DNS). > > > > However, running openssl as requested returns "no peer certificate > > available", and when > > I connect with mutt to dovecot I still get the "no shared cipher" > > error. These are the permissions > > on the certificate files: > > > > ls -l /etc/letsencrypt/archive//fullchain1.pem > > /etc/letsencrypt/archive//privkey1.pem > > -r. 1 root root 3546 Dec 7 11:59 > > /etc/letsencrypt/archive//fullchain1.pem > > -r. 1 root root 1704 Dec 7 11:59 > > /etc/letsencrypt/archive//privkey1.pem > > > > output of openssl, dovecot -n, its current SSL settings and excerpt of > > the log file are all below. > > > > openssl s_client -host MY.ACTUAL.HOSTNAME.HERE -port 993 > > CONNECTED(0003) > > 140141825717912:error:14077410:SSL > > routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake > > failure:s23_clnt.c:769: > > --- > > no peer certificate available > > --- > > No client certificate CA names sent > > --- > > SSL handshake has read 7 bytes and written 305 bytes > > --- > > New, (NONE), Cipher is (NONE) > > Secure Renegotiation IS NOT supported > > Compression: NONE > > Expansion: NONE > > No ALPN negotiated > > SSL-Session: > > Protocol : TLSv1.2 > > Cipher: > > Session-ID: > > Session-ID-ctx: > > Master-Key: > > Key-Arg : None > > PSK identity: None > > PSK identity hint: None > > SRP username: None > > Start Time: 1544521696 > > Timeout : 300 (sec) > > Verify return code: 0 (ok) > > --- > > > > current SSL dovecot settings in conf.d/10-ssl.conf > > > > ssl = yes > > > > ssl_prefer_server_ciphers = yes > > > > ssl_dh_parameters_length = 2048 > > > > sl_min_protoco
Re: "no shared cypher", no matter what I try
hello, and some update short version: the error is still there, but I have some more data to share, thanks in advance for further advice first, I am using Mutt 1.10.1 (2018-07-13) as mail client, so it is not an obsolete version. second... at the moment I can send email through postfix on the same server, with the same certificates (almost: I still have to fix some stuff, but is NOT related to SSL/TLS, e.g reverse DNS). However, running openssl as requested returns "no peer certificate available", and when I connect with mutt to dovecot I still get the "no shared cipher" error. These are the permissions on the certificate files: ls -l /etc/letsencrypt/archive//fullchain1.pem /etc/letsencrypt/archive//privkey1.pem -r. 1 root root 3546 Dec 7 11:59 /etc/letsencrypt/archive//fullchain1.pem -r. 1 root root 1704 Dec 7 11:59 /etc/letsencrypt/archive//privkey1.pem output of openssl, dovecot -n, its current SSL settings and excerpt of the log file are all below. openssl s_client -host MY.ACTUAL.HOSTNAME.HERE -port 993 CONNECTED(0003) 140141825717912:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 305 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher: Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1544521696 Timeout : 300 (sec) Verify return code: 0 (ok) --- current SSL dovecot settings in conf.d/10-ssl.conf ssl = yes ssl_prefer_server_ciphers = yes ssl_dh_parameters_length = 2048 sl_min_protocol = TLSv1.2 ssl_cert = /fullchain1.pem ssl_key = /privkey1.pem ssl_cipher_list = ALL output of dovecot -n: # OS: Linux 3.10.0-957.1.3.el7.x86_64 x86_64 CentOS Linux release 7.6.1810 (Core) ext4 # Hostname: SERVER NAME auth_debug = yes auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = plain mail_location = maildir:/var/mail/mymail_storage/base/ passdb { args = /etc/imap.v_users driver = passwd-file } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } service imap-login { inet_listener imap { port = 0 } inet_listener imaps { port = 993 } } ssl = required userdb { args = /etc/imap.v_users driver = passwd-file } verbose_ssl = yes this is the error message I get by when I tried to connect with mutt: Dec 11 08:34:26 MYSERVER dovecot: master: Dovecot v2.2.36 (1f10bfa63) starting up for imap, pop3, lmtp (core dumps disabled) Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization [my.home.ip.address] Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [my.home.ip.address] Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A [my.home.ip.address] Dec 11 08:34:34 MYSERVER dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=552: fatal handshake failure [my.home.ip.address] Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: error [my.home.ip.address] Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: error [my.home.ip.address] Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL error: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello: Dec 11 08:34:34 MYSERVER dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=my.home.ip.address, lip=my.vps.ip.address, TLS hands haking: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher, session= Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: passwd-file /etc/imap.v_users: Read 1 users in 0 secs
"no shared cypher", no matter what I try
Greetings, I have had to reinstall my email server on another Linux (centos 7.6) VPS, with a newer version of dovecot, other software and a brand new letsencrypt certificate just for email withpostfix and dovecot (that certificate works fine with postfix). Output of dovecot --version and dovecot -n on the new server is below. Now, messages ARE delivered in the right IMAP mailboxes, but when I try to connect with Mutt from my home computer, mutt says, before prompting for a password: gnutls_handshake: A TLS fatal alert has been received.(Handshake failed) the corresponding output of dovecot in /var/log/maillog is below. The gist of it **seems** to me to be the "no shared cipher" part, but I may be wrong. In any case, I have already tried to search online for that string, and other relevant parts of the log, without success. All I have found is suggestions to change the values of ssl_protocols and/or ssl_cipher_list to some non-default value, but I have tried all those tips without success. Current values of those variables are these: grep -v ^# /etc/dovecot/conf.d/10-ssl.conf ssl_cert = , rip=47.53.159.60, lip=116.202.20.216, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher, session= Dec 8 10:53:43 MYSERVERNAME dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Dec 8 10:53:43 MYSERVERNAME dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so Dec 8 10:53:43 MYSERVERNAME dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so Dec 8 10:53:43 MYSERVERNAME dovecot: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat Dec 8 10:53:43 MYSERVERNAME dovecot: auth: Debug: passwd-file /etc/imap.v_users: Read 1 users in 0 secs # dovecot --version 2.2.36 (1f10bfa63) # 2.2.36 (1f10bfa63): /etc/dovecot/dovecot.conf # OS: Linux 3.10.0-957.1.3.el7.x86_64 x86_64 CentOS Linux release 7.6.1810 (Core) ext4 # Hostname: MYSERVERNAME auth_debug = yes auth_mechanisms = plain login auth_verbose = yes mail_location = maildir:/var/mail//base/ passdb { args = /etc/imap.v_users driver = passwd-file } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } service imap-login { inet_listener imap { port = 0 } inet_listener imaps { port = 993 } } ssl = required userdb { args = /etc/imap.v_users driver = passwd-file } verbose_ssl = yes
Re: Set X-Original-To based an ORCPT?
Hi, to get a 'Delivered-to' header based on ORCPT, I wrote a patch (attached) to force Dovecot lmtp to advertise DSN after a LHLO command. In this way, Postfix add an ORCPT to the RCTP command (http://postfix.1071664.n5.nabble.com/pipe-flags-vs-lmtp-td11587.html#a11596). Be carefully: in this way DSN notification is broken, but they were broken in any case at the time I wrote the patch (read the entire post linked above). The first patch is for Dovecot 2.2.x: after apply, you cannot disable the DSN advertisement. The other is for Dovecot 2.3.0: you can enable/disable the advertisement using the new bool parameter 'lmtp_lhlo_dsn'. I'm using it for the past two years, without any problem. Thanks, Marco On 2018-08-07 11:48, Tom Sommer wrote: > On 2015-09-02 22:01, Peer Heinlein wrote: >> Since >> >> http://dovecot.org/pipermail/dovecot-cvs/2014-November/025241.html >> >> Dovecot's LMTP does support ORCPT. >> >> Is it possible to set X-Original-To-Header based on that ORCPT? > > Any news or response on this? I too am in need of this header being > passed and saved correctly. > > Thanks. > > -- > Tom > -- Marco Giunta - ITCS SysAdmin Via Bonomea, 265 34136 - Trieste, Italy Tel: +39-040-3787-503 Fax: +39-040-3787-244 --- dovecot-2.2.24/src/lmtp/commands.c.orig 2016-04-26 15:01:21.0 +0200 +++ dovecot-2.2.24/src/lmtp/commands.c 2017-02-16 16:01:39.091220376 +0100 @@ -82,7 +82,8 @@ client_send_line(client, "250-XCLIENT ADDR PORT TTL TIMEOUT"); client_send_line(client, "250-8BITMIME"); client_send_line(client, "250-ENHANCEDSTATUSCODES"); - client_send_line(client, "250 PIPELINING"); + client_send_line(client, "250-PIPELINING"); + client_send_line(client, "250 DSN"); i_free(client->lhlo); client->lhlo = i_strdup(str_c(domain)); @@ -200,6 +201,11 @@ client->state.mail_body_7bit = TRUE; else if (strcasecmp(*argv, "BODY=8BITMIME") == 0) client->state.mail_body_8bitmime = TRUE; + /* Skip unsupported DSN parameters */ + else if (strncasecmp(*argv, "RET=", 4) == 0) + continue; + else if (strncasecmp(*argv, "ENVID=", 6) == 0) + continue; else { client_send_line(client, "501 5.5.4 Unsupported options"); @@ -638,9 +644,12 @@ argv = t_strsplit(params, " "); for (; *argv != NULL; argv++) { - if (strncasecmp(*argv, "ORCPT=", 6) == 0) { + if (strncasecmp(*argv, "ORCPT=", 6) == 0) rcpt->params.dsn_orcpt = parse_xtext(client, *argv + 6); - } else { + /* Skip unsupported DSN parameter */ + else if (strncasecmp(*argv, "NOTIFY=", 7) == 0) + continue; + else { client_send_line(client, "501 5.5.4 Unsupported options"); return 0; } diff -up dovecot-2.3.0/src/lmtp/client.c.orig dovecot-2.3.0/src/lmtp/client.c --- dovecot-2.3.0/src/lmtp/client.c.orig 2018-01-05 07:45:36.0 +0100 +++ dovecot-2.3.0/src/lmtp/client.c 2018-01-16 08:55:49.437006465 +0100 @@ -151,6 +151,8 @@ struct client *client_create(int fd_in, SMTP_CAPABILITY_ENHANCEDSTATUSCODES | SMTP_CAPABILITY_8BITMIME | SMTP_CAPABILITY_CHUNKING; + if (client->lmtp_set->lmtp_lhlo_dsn) + lmtp_set.capabilities |= SMTP_CAPABILITY_DSN; if (!conn->ssl && master_service_ssl_is_enabled(master_service)) lmtp_set.capabilities |= SMTP_CAPABILITY_STARTTLS; lmtp_set.hostname = client->unexpanded_lda_set->hostname; diff -up dovecot-2.3.0/src/lmtp/lmtp-settings.c.orig dovecot-2.3.0/src/lmtp/lmtp-settings.c --- dovecot-2.3.0/src/lmtp/lmtp-settings.c.orig 2018-01-05 07:45:36.0 +0100 +++ dovecot-2.3.0/src/lmtp/lmtp-settings.c 2018-01-16 08:53:13.513920390 +0100 @@ -62,6 +62,7 @@ static const struct setting_define lmtp_ DEF(SET_BOOL, lmtp_proxy), DEF(SET_BOOL, lmtp_save_to_detail_mailbox), DEF(SET_BOOL, lmtp_rcpt_check_quota), + DEF(SET_BOOL, lmtp_lhlo_dsn), DEF(SET_UINT, lmtp_user_concurrency_limit), DEF(SET_ENUM, lmtp_hdr_delivery_address), DEF(SET_STR_VARS, login_greeting), @@ -74,6 +75,7 @@ static const struct lmtp_settings lmtp_d .lmtp_proxy = FALSE, .lmtp_save_to_detail_mailbox = FALSE, .lmtp_rcpt_check_quota = FALSE, + .lmtp_lhlo_dsn = FALSE, .lmtp_user_concurrency_limit = 0, .lmtp_hdr_delivery_address = "final:none:original", .login_greeting = PACKAGE_NAME" ready.", diff -up dovecot-2.3.0/src/lmtp/lmtp-settings.h.orig dovecot-2.3.0/src/lmtp/lmtp-settings.h --- dovecot-2.3.0/src/lmtp/lmtp-settings.h.orig 2018-01-05 07:45:36.0 +0100 +++ dovecot-2.3.0/src/lmtp/lmtp-settings.h 2018-01-16 08:57:18.505887547 +0100 @@ -16,6 +16,7 @@ struct lmtp_settings { bool lmtp_proxy; bool lmtp_save_to_detail_mailbox; bool lmtp_rcpt_check_quota; + bool lmtp_lhlo_dsn; unsigned int lmtp_user_concurrency_limit; const char *lmtp_hdr_delivery_address; const char *login_greeting;
Re: Shared mailboxes, index files and 'per-user-seen' flags
Hi Thomas, it is a known problem: https://www.dovecot.org/pipermail/dovecot/2018-February/111057.html Try the solution suggested in above mail; it works for me. Thanks, Marco On 2018-06-06 13:53, Thomas Robers wrote: > Hello, > > i have a dovecot server version 2.3.1 under CentOS 6.9 and we're > using shared mailboxes with index files shared. With this configuration > I can see a lot of error messages like: > > Jun 6 13:20:31 mail dovecot: Error: imap(us...@tutech.de)<4513> > : /export/home/imap/us...@tutech.de/shared > /us...@tutech.de/folder/dovecot.index.pvt view is inconsistent > > In 10-mail.conf the location setting is: > > location = maildir:%%h/Maildir:INDEXPVT=%h/shared/%%u > > I thought setting the index files to "not shared" might help to > get rid of the errors, so I changed the setting to: > > location = maildir:%%h/Maildir:INDEX=%h/shared/%%u:INDEXPVT=%h > /shared/%%u > > like it's mentioned in the Dovecot wiki. But that doesn't work as > I expected, because the 'per-user-seen' flags do not work correctly > anymore, i think. If UserA, who has UserB as shared mailbox, > changes the seen flags of UserBs INBOX, UserBs seen flags are also > changed. The other way, if UserB changes seen flags in his INBOX > they are not changed in the shared view of UserA. Is this the > supposed way to work or do i have an error in the configuration? > > Any help is appreciated. > > Thanks, Thomas. > > Here's my currently used configuration: > > # 2.3.1 (c5a5c0c82): /etc/dovecot/dovecot.conf > # Pigeonhole version 0.5.devel (61b47828) > # OS: Linux 2.6.32-696.23.1.el6.x86_64 x86_64 CentOS release 6.9 (Final) > ext4 > # Hostname: mail.tutech.de > auth_master_user_separator = * > auth_mechanisms = plain login > auth_verbose = yes > disable_plaintext_auth = no > doveadm_password = # hidden, use -P to show it > doveadm_port = 12345 > imap_max_line_length = 2 M > mail_debug = yes > mail_location = maildir:/export/home/imap/%Lu/Maildir > mail_plugins = acl zlib mail_log notify > mail_prefetch_count = 1 > mailbox_idle_check_interval = 10 secs > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope > encoded-character vacation subaddress comparator-i;ascii-numeric > relational regex imap4flags copy include variables body enotify > environment mailbox date index ihave duplicate mime foreverypart > extracttext > namespace { > hidden = no > ignore_on_failure = no > inbox = no > list = children > location = maildir:%%h/Maildir:INDEXPVT=%h/shared/%%u > prefix = shared/%%u/ > separator = / > subscriptions = yes > type = shared > } > namespace inbox { > hidden = no > inbox = yes > list = yes > location = > mailbox Drafts { > special_use = \Drafts > } > mailbox Junk { > special_use = \Junk > } > mailbox Sent { > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Trash { > special_use = \Trash > } > prefix = INBOX/ > separator = / > type = private > } > > passdb { > args = /etc/dovecot/master-users > driver = passwd-file > master = yes > } > passdb { > args = /etc/dovecot/dovecot-ldap.conf.ext > driver = ldap > } > plugin { > acl = vfile:/etc/dovecot/global-acls:cache_secs=300 > acl_shared_dict = file:/export/home/shared-db/shared-mailboxes > mail_log_events = append delete undelete expunge copy mailbox_delete > mailbox_rename flag_change > mail_log_fields = uid box msgid size from flags > mail_replica = tcp:mail2.tutech.de > sieve = ~/.dovecot.sieve > sieve_dir = ~/sieve > sieve_global = /var/lib/dovecot/sieve/global/ > sieve_user_log = ~/.dovecot.sieve.log > zlib_save = gz > zlib_save_level = 6 > } > protocols = imap pop3 lmtp sieve sieve > service aggregator { > fifo_listener replication-notify-fifo { > mode = 0666 > user = vmail > } > unix_listener replication-notify { > mode = 0666 > user = vmail > } > } > service auth { > unix_listener /var/spool/postfix/private/auth { > mode = 0666 > } > unix_listener auth-userdb { > group = vmail > mode = 0660 > user = vmail > } > } > service config { > unix_listener config { > user = vmail > } > } > service doveadm { > inet_listener { > port = 12345 > } > user = vmail > } > service imap-login { > inet_listener imaps { > port = 993 > ssl = yes > } > process_limit = 500 > process_min_avail = 20 > } &g
Re: dovecot.index.pvt reset, view is now inconsistent
Fun, I didn't read your message yesterday, but today I send an email like yours !!! Cheers, Marco On 2018-02-27 19:02, Rupert Gallagher wrote: Problem solved by going in manually. The log message appears for empty "public" folders. Say, you have a folder X with subfolder Y, where X does not contain any e-mail. The log message disappears if you drop an email into X, then remove it. Puf, gone! So, there seems to be a baby bug in how dovecot manages the index in this case. -- Marco Giunta - ITCS SysAdmin Via Bonomea, 265 34136 - Trieste, Italy Tel: +39-040-3787-503 Fax: +39-040-3787-244
BUG: Error: dovecot.index.pvt reset, view is now inconsistent when shared folder is new and empty
Hi, I'm using Dovecot 2.2.33.2 on a RHEL 7, new installation. My log is full of : Error: INDEX_FOLDER/dovecot.index.pvt reset, view is now inconsistent or Error: INDEX_FOLDER/dovecot.index.pvt view is inconsistent when shared folder is never touched and empty. UserA share X folder with UserB, if X folder is new (never touched) and empty every time UserB looks in that folder, an error appears in log file. If UserA copy a mail in X folder, no more errors. If UserA (or UserB) delete all mails in X folder (the folder is empty again), no more errors. So the errors appear when UserB access a new (never touched) shared empty folder; if the folder is empty, but not new (p.e. UserA has already copied and deleted mails in that folder) error is logged only once. Attached my configuration. Thanks, Marco -- Marco Giunta - ITCS SysAdmin Via Bonomea, 265 34136 - Trieste, Italy Tel: +39-040-3787-503 Fax: +39-040-3787-244 # 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.21 (92477967) # OS: Linux 3.10.0-693.17.1.el7.x86_64 x86_64 CentOS Linux release 7.4.1708 (Core) auth_debug = yes auth_master_user_separator = * auth_mechanisms = plain login auth_username_format = %Ln auth_verbose = yes auth_verbose_passwords = sha1:6 doveadm_password = # hidden, use -P to show it doveadm_port = 26001 first_valid_uid = 200 hostname = hostname.example.com imap_client_workarounds = delay-newmail imapc_features = rfc822.size fetch-headers imapc_host = hostname.example.com imapc_master_user = dovesuper imapc_password = # hidden, use -P to show it imapc_user = %u lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes lda_original_recipient_header = Delivered-To listen = * lmtp_hdr_delivery_address = original lmtp_rcpt_check_quota = yes login_trusted_networks = 10.0.0.0/30 10.0.0.0/30 10.0.0.0/23 mail_fsync = always mail_gid = vmail mail_home = /srv/mail/%1n/%n mail_location = mdbox:~/dbox:ALT=/srv/archives/%1n/%n/dbox:INDEX=/srv/indexes/%1n/%n:VOLATILEDIR=/var/tmp/dovecot-volatile/%1n/%n mail_plugins = acl mailbox_alias quota fts fts_solr mail_prefetch_count = 20 mail_server_admin = mailto:postmas...@example.com mail_shared_explicit_inbox = yes mail_uid = vmail mailbox_list_index = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext vacation-seconds spamtest spamtestplus editheader imapflags notify mbox_write_locks = fcntl mdbox_rotate_interval = 1 days mdbox_rotate_size = 64 M mmap_disable = yes namespace inbox { inbox = yes location = mailbox Archives { auto = subscribe special_use = \Archive } mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = / } namespace others { list = children location = mdbox:%%h/dbox:ALT=/srv/archives/%%1n/%%n/dbox:INDEX=/srv/indexes/%%1n/%%n:INDEXPVT=/srv/indexes/%1n/%n/shared/%%n:VOLATILEDIR=/var/tmp/dovecot-volatile/%1n/%n/shared/%%n prefix = Other Users/%%n/ separator = / subscriptions = no type = shared } passdb { args = /etc/dovecot/passwd.masterusers default_fields = userdb_master_user=%{login_user} driver = passwd-file master = yes pass = yes } passdb { args = /etc/dovecot/dovecot-ldap.conf.masterusers.acl default_fields = userdb_acl_defaults_from_inbox=yes userdb_mail=mdbox:/srv/mail/%1{login_user}/%{login_user}/dbox:ALT=/srv/archives/%1{login_user}/%{login_user}/dbox:INDEX=/srv/indexes/%1{login_user}/%{login_user}:INDEXPVT=/srv/indexes/%1n/%n/master/%{login_user}:VOLATILEDIR=/var/tmp/dovecot-volatile/%1n/%n/master/%{login_user} driver = ldap master = yes pass = yes } passdb { args = /etc/dovecot/dovecot-ldap.conf.masterusers.noacl default_fields = userdb_master_user=%{login_user} userdb_mail=mdbox:/srv/mail/%1{login_user}/%{login_user}/dbox:ALT=/srv/archives/%1{login_user}/%{login_user}/dbox:INDEX=/srv/indexes/%1{login_user}/%{login_user}:INDEXPVT=/srv/indexes/%1n/%n/master/%{login_user}:VOLATILEDIR=/var/tmp/dovecot-volatile/%1n/%n/master/%{login_user} driver = ldap master = yes pass = yes } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { acl = vfile:/srv/shared/dovecot/global-acls:cache_secs=300 acl_shared_dict = fs:posix:prefix=/srv/shared/dovecot/shared-acls/ fts = solr fts_autoindex = yes fts_autoindex_max_recent_msgs = 20 fts_index_timeout = 60 fts_solr = url=http://localhost:8983/solr/dovecot/ last_login_dict = fs:posix:prefix=~/ last_login_key = lastlogin mail_log_events = delete undelete expunge copy mailbox_delete
deny passdb match messages logged only with auth_verbose=yes
Hi at all, using deny passwd to restrict IMAP/POP3 access (https://wiki.dovecot.org/Authentication/RestrictAccess), I get deny passdb match messages: Feb 13 16:09:33 server-02 dovecot: auth: passwd-file(USERNAME,10.10.10.46,<9hzaYRllbsCTehgu>): User found from deny passdb only with auth_verbose=yes, sets global or defined in passdb block. But if I set auth_verbose=yes, for every user not present in passwd-file, Dovecot logs: Feb 13 16:09:57 server-02 dovecot: auth: passwd-file(USERNAME,10.10.10.46,<9hzaYRllbsCTehgu>): unknown user I know that if the account does not exist in the first passdb (deny passdb), then the error occur, even if it exists in the other passdb. This is normal, but auth_verbose shouldn't be used only to " Log unsuccessful authentication attempts and the reasons why they failed." ?? Again, I'm not a programmer, but 'auth_request_log_info' function in 'https://github.com/dovecot/core/blob/release-2.2.33/src/auth/auth-request.c' seems to log events only when 'auth_verbose=yes'. Is there another way to get deny passdb match messages, without enable verbose log ? Thanks, Marco -- Marco Giunta - ITCS SysAdmin Via Bonomea, 265 34136 - Trieste, Italy Tel: +39-040-3787-503 Fax: +39-040-3787-244
Re: BUG: panic when using fs:posix as dict for acl_shared_dict
On 2018-02-07 13:23, Aki Tuomi wrote: Maybe you can use sqlite3 instead as workaround? Ok, I've done what you suggested; I had some permissions problems on sqlite file/directory, but now it seems to work. Thanks for your advice, Marco -- Marco Giunta - ITCS SysAdmin Via Bonomea, 265 34136 - Trieste, Italy Tel: +39-040-3787-503 Fax: +39-040-3787-244
Re: BUG: panic when using fs:posix as dict for acl_shared_dict
On 2018-02-07 13:23, Aki Tuomi wrote: Maybe you can use sqlite3 instead as workaround? Ok, I try it and let you know. Thanks, Marco -- Marco Giunta - ITCS SysAdmin Via Bonomea, 265 34136 - Trieste, Italy Tel: +39-040-3787-503 Fax: +39-040-3787-244
BUG: panic when using fs:posix as dict for acl_shared_dict
Hi, I'm using Dovecot 2.2.33.2 on a RHEL 7, new installation. When I use fs:posix as dict for acl_shared_dict, like in Dovecot wiki (https://wiki.dovecot.org/SharedMailboxes/ClusterSetup), doveadm-server crash with error: # doveadm acl set -u USERNAME FOLDER user=DEST_USERNAME lookup read write-seen doveadm(USERNAME): Panic: file dict-fs.c: line 127 (fs_dict_iterate_init): assertion failed: ((flags & DICT_ITERATE_FLAG_RECURSE) == 0) doveadm(USERNAME): Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0x9f3de) [0x7f0e4a4b23de] -> /usr/lib64/dovecot/libdovecot.so.0(default_fatal_handler+0x2a) [0x7f0e4a4b244a] -> /usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x7f0e4a44377c] -> /usr/lib64/dovecot/libdovecot.so.0(+0x31688) [0x7f0e4a444688] -> /usr/lib64/dovecot/libdovecot.so.0(dict_iterate_init_multiple+0x4d) [0x7f0e4a47cadd] -> /usr/lib64/dovecot/libdovecot.so.0(dict_iterate_init+0x29) [0x7f0e4a47cb89] -> /usr/lib64/dovecot/lib01_acl_plugin.so(acl_lookup_dict_rebuild+0x3e1) [0x7f0e49a40371] -> /usr/lib64/dovecot/lib01_acl_plugin.so(acl_backend_vfile_acllist_rebuild+0x488) [0x7f0e49a3dd18] -> /usr/lib64/dovecot/lib01_acl_plugin.so(acl_backend_vfile_object_update+0x3c7) [0x7f0e49a3e867] -> /usr/lib64/dovecot/lib01_acl_plugin.so(acl_mailbox_update_acl+0x68) [0x7f0e49a41e28] -> /usr/lib64/dovecot/doveadm/lib10_doveadm_acl_plugin.so(+0x2c11) [0x7f0e48da1c11] -> /usr/lib64/dovecot/doveadm/lib10_doveadm_acl_plugin.so(+0x3060) [0x7f0e48da2060] -> doveadm(+0x2b41c) [0x556f1280b41c] -> doveadm(+0x2c01a) [0x556f1280c01a] -> doveadm(doveadm_cmd_ver2_to_mail_cmd_wrapper+0x23b) [0x556f1280ce7b] -> doveadm(doveadm_cmd_run_ver2+0x50c) [0x556f1281c73c] -> doveadm(doveadm_cmd_try_run_ver2+0x37) [0x556f1281c7d7] -> doveadm(main+0x1e4) [0x556f127fb944] -> /lib64/libc.so.6(__libc_start_main+0xf5) [0x7f0e4a071c05] -> doveadm(+0x1bd35) [0x556f127fbd35] Aborted Attached coredump and configuration. I'm not a programmer, but seems that assert is raised by 'fs_dict_iterate_init' function inside 'src/lib-dict-extra/dict-fs.c': static struct dict_iterate_context * fs_dict_iterate_init(struct dict *_dict, const char *const *paths, enum dict_iterate_flags flags) { ... /* these flags are not supported for now */ i_assert((flags & DICT_ITERATE_FLAG_RECURSE) == 0); ... because it is called by 'acl_lookup_dict_iterate_read' function in file 'src/plugins/acl/acl-lookup-dict.c' static void acl_lookup_dict_iterate_read(struct acl_lookup_dict_iter *iter) { ... dict_iter = dict_iterate_init(iter->dict->dict, prefix, DICT_ITERATE_FLAG_RECURSE); ... with DICT_ITERATE_FLAG_RECURSE set. Same problem also with Dovecot 2.3.0. Thanks, Marco -- Marco Giunta - ITCS SysAdmin Via Bonomea, 265 34136 - Trieste, Italy Tel: +39-040-3787-503 Fax: +39-040-3787-244 # 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.21 (92477967) # OS: Linux 3.10.0-693.17.1.el7.x86_64 x86_64 CentOS Linux release 7.4.1708 (Core) auth_debug = yes auth_master_user_separator = * auth_mechanisms = plain login auth_username_format = %Ln auth_verbose = yes auth_verbose_passwords = sha1:6 doveadm_password = # hidden, use -P to show it doveadm_port = 26001 first_valid_uid = 200 hostname = hostname.example.com imap_client_workarounds = delay-newmail imapc_features = rfc822.size fetch-headers imapc_host = hostname.example.com imapc_master_user = dovesuper imapc_password = # hidden, use -P to show it imapc_user = %u lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes lda_original_recipient_header = Delivered-To listen = * lmtp_hdr_delivery_address = original lmtp_rcpt_check_quota = yes login_trusted_networks = 10.0.0.0/30 10.0.0.0/30 10.0.0.0/23 mail_fsync = always mail_gid = vmail mail_home = /srv/mail/%1n/%n mail_location = mdbox:~/dbox:ALT=/srv/archives/%1n/%n/dbox:INDEX=/srv/indexes/%1n/%n:VOLATILEDIR=/var/tmp/dovecot-volatile/%1n/%n mail_plugins = acl mailbox_alias quota fts fts_solr mail_prefetch_count = 20 mail_server_admin = mailto:postmas...@example.com mail_shared_explicit_inbox = yes mail_uid = vmail mailbox_list_index = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext vacation-seconds spamtest spamtestplus editheader imapflags notify mbox_write_locks = fcntl mdbox_rotate_interval = 1 days mdbox_rotate_size = 64 M mmap_disable = yes namespace inbox { inbox = yes location = mailbox Archives { auto = subscribe special_use = \Archive } mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { auto = subscribe special_use =
Re: Re: Bug in dovecot 2.3 virtual plugin
Hi, did you have time to investigate about 'Panic: file unichar.c' bug ? Because I have the same problem with a 2.3.0 installation without virtual plugin. Thanks, Marco On 2018-01-03 16:52, Aki Tuomi wrote: This is not a bug in virtual plugin, but in some email which contains invalid unicode sequence somehow. Can you send me a core file? This should not have occured ofc but would be nice to know how it ended up here. Aki On January 3, 2018 at 5:35 PM Jakobus Schürz <wertsto...@nurfuerspam.de> wrote: Hi there! I compiled dovecot 2.3 from git. Because there is already a bug in virtual-plugin, and i hoped, it get fixed... but it doesn't. So this is the error-message from the log Jän 03 16:27:08 aldebaran dovecot[26460]: indexer-worker(jakob)<26476><qQ6g1+BhIJvAqAAO:sjYhMTH2TFpsZwAAk1Mx3g>: Panic: file unichar.c: line 160 (uni_ucs4_to_utf8_c): assertion failed: (uni_is_valid_ucs4(chr)) Jän 03 16:27:08 aldebaran dovecot[26460]: indexer-worker(jakob)<26476><qQ6g1+BhIJvAqAAO:sjYhMTH2TFpsZwAAk1Mx3g>: Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7f8299f7a021] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed) [0x7f8299f7a0ed] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f8299eec481] -> /usr/local/lib/dovecot/libdovecot.so.0(uni_ucs4_to_utf8_c+0xa0) [0x7f8299fb1500] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xa75e0) [0x7f8299f5b5e0] -> /usr/local/lib/dovecot/libdovecot.so.0(mail_html2text_more+0xc5) [0x7f8299f5b775] -> /usr/local/lib/dovecot/lib20_fts_plugin.so(+0xcfcc) [0x7f82990aefcc] -> /usr/local/lib/dovecot/lib20_fts_plugin.so(fts_parser_more+0x27) [0x7f82990aeca7] -> /usr/local/lib/dovecot/lib20_fts_plugin.so(fts_build_mail+0x5e9) [0x7f82990acc39] -> /usr/local/lib/dovecot/lib20_fts_plugin.so(+0x1122d) [0x7f82990b322d] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x916a) [0x7f82958e316a] -> /usr/local/lib/dovecot/lib20_fts_plugin.so(+0x10f5d) [0x7f82990b2f5d] -> /usr/local/lib/dovecot/lib20_virtual_plugin.so(+0x916a) [0x7f82958e316a] -> /usr/local/lib/dovecot/lib20_fts_plugin.so(+0x10f5d) [0x7f82990b2f5d] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(mail_precache+0x2e) [0x7f829a2641be] -> dovecot/indexer-worker [jakob Synoptic/AKTUELL](+0x2533) [0x562227882533] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69) [0x7f8299f91bf9] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x109) [0x7f8299f93499] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) [0x7f8299f91d02] -> /usr/local/lib/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f8299f91f18] -> /usr/local/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f8299f0f1e3] -> dovecot/indexer-worker [jakob Synoptic/AKTUELL](main+0xe7) [0x562227881f47] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1) [0x7f8299b352b1] -> dovecot/indexer-worker [jakob Synoptic/AKTUELL](_start+0x2a) [0x56222788201a] Jän 03 16:27:08 aldebaran dovecot[26460]: indexer: Error: Indexer worker disconnected, discarding 1 requests for jakob Jän 03 16:27:08 aldebaran dovecot[26460]: imap(jakob)<26472><qQ6g1+BhIJvAqAAO>: Error: indexer failed to index mailbox Synoptic/AKTUELL Jän 03 16:27:08 aldebaran dovecot[26460]: indexer-worker(jakob)<26476><qQ6g1+BhIJvAqAAO:sjYhMTH2TFpsZwAAk1Mx3g>: Fatal: master: service(indexer-worker): child 26476 killed with signal 6 (core dumps disabled) Jän 03 16:27:09 aldebaran dovecot[26460]: indexer-worker(jakob)<26484><qQ6g1+BhIJvAqAAO:J6mUIEz2TFp0ZwAAk1Mx3g>: Error: lucene index /var/lib/dovecot/db/indexes/Maildir/jakob/lucene-indexes: IndexWriter() failed (#1): Lock obtain timed out Jän 03 16:27:10 aldebaran dovecot[26460]: indexer-worker(jakob)<26484><qQ6g1+BhIJvAqAAO:J6mUIEz2TFp0ZwAAk1Mx3g>: Error: Mailbox Synoptic/AKTUELL: Transaction commit failed: BUG: Unknown internal error (attempted to index 1488 messages (UIDs 15214..16775)) Jän 03 16:27:10 aldebaran dovecot[26460]: imap(jakob)<26480>: Error: indexer failed to index mailbox Synoptic/AKTUELL Jän 03 16:27:11 aldebaran dovecot[26460]: imap(jakob)<26472><qQ6g1+BhIJvAqAAO>: Panic: file mail-index.c: line 793 (mail_index_close): assertion failed: (index->open_count > 0) Jän 03 16:27:11 aldebaran dovecot[26460]: imap(jakob)<26472><qQ6g1+BhIJvAqAAO>: Error: Raw backtrace: /usr/local/lib/dovecot/libdovecot.so.0(+0xc6021) [0x7fb0fbd3a021] -> /usr/local/lib/dovecot/libdovecot.so.0(+0xc60ed) [0x7fb0fbd3a0ed] -> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fb0fbcac481] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xf39a8) [0x7fb0fc0d99a8] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xd92d1) [0x7fb0fc0bf2d1] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(+0xd9363) [0x7fb0fc0bf363] -> /usr/local/lib/dovecot/libdovecot-storage.so.0(index_storage_mailbox_free+0
Re: Dovecot 2.3.0, Panic: file mailbox-attribute.c: line 362 (mailbox_attribute_get_stream): assertion failed: (value_r->value != NULL || value_r->value_stream != NULL)
Hi, If I downgrade to Dovecot 2.2.33.2, there are no problems to sync users with ACL Thanks, Marco On 2018-02-02 14:39, Marco Giunta wrote: Hi at all, I have a RHEL7 server with Dovecot 2.3.0 (new installation). I've a problem when trying to dsync from a Dovecot 2.2.24 server. If I try to sync any user with a folder with ACL, dsycn crash with panic: Source server: dsync-local(USERNAME): Debug: sieve: file storage: sync: Synchronization active dovecot: dsync-local(USERNAME): Debug: acl vfile: reading file /var/spool/mail/U/USERNAME/dovecot-acl dsync-local(USERNAME): Error: read(DEST_SERVER.example.com) failed: EOF (last sent=mail_change (EOL), last recv=mailbox) Destination server: Feb 2 14:15:23 DEST_SERVER dovecot: dsync-server(USERNAME): Panic: file mailbox-attribute.c: line 362 (mailbox_attribute_get_stream): assertion failed: (value_r->value != NULL || value_r->value_stream != NULL) Feb 2 14:15:23 DEST_SERVER dovecot: dsync-server(USERNAME): Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0xc8cc4) [0x7fa861bc0cc4] -> /usr/lib64/dovecot/libdovecot.so.0(+0xc8d7e) [0x7fa861bc0d7e] -> /usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x7fa861b34190] -> /usr/lib64/dovecot/libdovecot-storage.so.0(+0x55cbc) [0x7fa861ec1cbc] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](dsync_mailbox_import_attribute+0x4d) [0x55b9d4ce215d] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](dsync_brain_sync_mails+0x2ef) [0x55b9d4cddbdf] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](dsync_brain_run+0x2b0) [0x55b9d4cd93e0] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](+0x43a10) [0x55b9d4cd9a10] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](+0x5837f) [0x55b9d4cee37f] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x65) [0x7fa861bd82b5] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x10f) [0x7fa861bd9b5f] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) [0x7fa861bd83b2] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7fa861bd85d8] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](+0x28369) [0x55b9d4cbe369] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](+0x29c07) [0x55b9d4cbfc07] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](+0x3f969) [0x55b9d4cd5969] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x65) [0x7fa861bd82b5] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x10f) [0x7fa861bd9b5f] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) [0x7fa861bd83b2] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7fa861bd85d8] -> /usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7fa861b56b23] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](main+0x1b6) [0x55b9d4cb0536] -> /lib64/libc.so.6(__libc_start_main+0xf5) [0x7fa861756c05] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](+0x1a5f5) [0x55b9d4cb05f5] Feb 2 14:15:23 DEST_SERVER dovecot: dsync-server(USERNAME): Fatal: master: service(doveadm): child 2149 killed with signal 6 (core dumped) Coredump and configuration attached. On source server I run this command: # doveadm -D backup -f -u USERNAME -x 'Archives*' tcp:DEST_SERVER.example.com but same panic if try to sync from destination server: # doveadm -D backup -fR -u USERNAME -x 'Archives*' tcp:SOURCE_SERVER.example.com Same panic also syncing any user with acl and using different acl_shared_dict (file or fs:posix) in dovecot configuration. Thanks, Marco -- Marco Giunta - ITCS SysAdmin Via Bonomea, 265 34136 - Trieste, Italy Tel: +39-040-3787-503 Fax: +39-040-3787-244
Dovecot 2.3.0, Panic: file mailbox-attribute.c: line 362 (mailbox_attribute_get_stream): assertion failed: (value_r->value != NULL || value_r->value_stream != NULL)
Hi at all, I have a RHEL7 server with Dovecot 2.3.0 (new installation). I've a problem when trying to dsync from a Dovecot 2.2.24 server. If I try to sync any user with a folder with ACL, dsycn crash with panic: Source server: dsync-local(USERNAME): Debug: sieve: file storage: sync: Synchronization active dovecot: dsync-local(USERNAME): Debug: acl vfile: reading file /var/spool/mail/U/USERNAME/dovecot-acl dsync-local(USERNAME): Error: read(DEST_SERVER.example.com) failed: EOF (last sent=mail_change (EOL), last recv=mailbox) Destination server: Feb 2 14:15:23 DEST_SERVER dovecot: dsync-server(USERNAME): Panic: file mailbox-attribute.c: line 362 (mailbox_attribute_get_stream): assertion failed: (value_r->value != NULL || value_r->value_stream != NULL) Feb 2 14:15:23 DEST_SERVER dovecot: dsync-server(USERNAME): Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0xc8cc4) [0x7fa861bc0cc4] -> /usr/lib64/dovecot/libdovecot.so.0(+0xc8d7e) [0x7fa861bc0d7e] -> /usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x7fa861b34190] -> /usr/lib64/dovecot/libdovecot-storage.so.0(+0x55cbc) [0x7fa861ec1cbc] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](dsync_mailbox_import_attribute+0x4d) [0x55b9d4ce215d] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](dsync_brain_sync_mails+0x2ef) [0x55b9d4cddbdf] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](dsync_brain_run+0x2b0) [0x55b9d4cd93e0] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](+0x43a10) [0x55b9d4cd9a10] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](+0x5837f) [0x55b9d4cee37f] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x65) [0x7fa861bd82b5] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x10f) [0x7fa861bd9b5f] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) [0x7fa861bd83b2] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7fa861bd85d8] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](+0x28369) [0x55b9d4cbe369] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](+0x29c07) [0x55b9d4cbfc07] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](+0x3f969) [0x55b9d4cd5969] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x65) [0x7fa861bd82b5] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x10f) [0x7fa861bd9b5f] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x52) [0x7fa861bd83b2] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7fa861bd85d8] -> /usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7fa861b56b23] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](main+0x1b6) [0x55b9d4cb0536] -> /lib64/libc.so.6(__libc_start_main+0xf5) [0x7fa861756c05] -> dovecot/doveadm-server [10.0.11.137 USERNAME INBOX send:mail_requests recv:attributes](+0x1a5f5) [0x55b9d4cb05f5] Feb 2 14:15:23 DEST_SERVER dovecot: dsync-server(USERNAME): Fatal: master: service(doveadm): child 2149 killed with signal 6 (core dumped) Coredump and configuration attached. On source server I run this command: # doveadm -D backup -f -u USERNAME -x 'Archives*' tcp:DEST_SERVER.example.com but same panic if try to sync from destination server: # doveadm -D backup -fR -u USERNAME -x 'Archives*' tcp:SOURCE_SERVER.example.com Same panic also syncing any user with acl and using different acl_shared_dict (file or fs:posix) in dovecot configuration. Thanks, Marco -- Marco Giunta - ITCS SysAdmin Via Bonomea, 265 34136 - Trieste, Italy Tel: +39-040-3787-503 Fax: +39-040-3787-244 # 2.3.0 (c8b89eb): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.0.1 (d33dca2) # OS: Linux 3.10.0-693.17.1.el7.x86_64 x86_64 CentOS Linux release 7.4.1708 (Core) auth_master_user_separator = * auth_mechanisms = plain login auth_username_format = %Ln auth_verbose = yes auth_verbose_passwords = sha1:6 doveadm_password = # hidden, use -P to show it doveadm_port = 26001 first_valid_uid = 200 hostname = server-02.example.com imap_client_workarounds = delay-newmail imapc_features = rfc822.size fetch-headers imapc_host = posta-01.example.com imapc_master_user = dovesuper imapc_password = # hidden, use -P to show it imapc_user = %u lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes lda_original_recipient_header = Delivered-To listen = * lmtp_hdr_delivery_address = original lmtp_lhlo_dsn = yes lmtp_rcpt_check_quota = yes login_trusted_networks = 10.0.0.172/30 10.0.0.212/30 10.0.0.0/23 mail_fsync = always mail_gid = vmail mail_home = /srv/mail/%1n/%n mail_location = mdbox:~/dbox:ALT=/srv/archives/%1n/%n/
Re: [BUG] dovecot 2.3.0 - service(lmtp) killed with signal 11 when user is overquota
On 2018-01-18 08:01, Aki Tuomi wrote: Hi! This is fixed with https://github.com/dovecot/core/commit/2bf919786518d138cc07d9cc21e14ad5e07e5e56.patch Aki Tuomi yes, it works. Thanks, Marco --
[BUG] dovecot 2.3.0 - service(lmtp) killed with signal 11 when user is overquota
Hi, I'm using dovecot 2.3.0 installed on a new CentOS 7.4 with rpm from Dovecot repo. When I use LMTP to deliver an email to an overquota user, lmtp service hangs with a segfault: Jan 17 13:39:45 server-02.example.com kernel: lmtp[5099]: segfault at 0 ip 563599e372c2 sp 7ffeaa4fdc80 error 4 in lmtp[563599e31000+b000] Jan 17 13:39:45 server-02.example.com dovecot[5089]: lmtp(5099): Fatal: master: service(lmtp): child 5099 killed with signal 11 (core dumped) If I try to deliver a mail with 'dovecot-lda' on the same overquota user, email was rejected, as expected: Jan 17 13:38:26 server-02.example.com dovecot[6773]: lda(USERNAME)<6773>: Debug: Mailbox stdin: Opened mail UID=1 because: copying Jan 17 13:38:26 server-02.example.com dovecot[6773]: lda(USERNAME)<6773>: msgid=unspecified: save failed to INBOX: Quota exceeded (mailbox for user is full) Jan 17 13:38:26 server-02.example.com dovecot[6773]: lda(USERNAME)<6773>: msgid=unspecified: rejected: Quota exceeded (mailbox for user is full) Jan 17 13:38:26 server-02.example.com dovecot[6773]: lda(USERNAME)<6773>: msgid=: Return-Path missing, rejection reason: Quota exceeded (mailbox for user is full) If user is no more overquota, LTMP delivery works: Jan 17 14:13:16 server-02.example.com dovecot[8651]: lmtp(usern...@example.com)<8665>: Debug: Mailbox : Opened mail UID=1 because: copying Jan 17 14:13:16 server-02.example.com dovecot[8651]: lmtp(usern...@example.com)<8665>: Debug: INBOX: Mailbox opened because: quota count Jan 17 14:13:16 server-02.example.com dovecot[8651]: lmtp(usern...@example.com)<8665>: sieve: msgid=<151619479629.10128.16766154794856971...@client.example.com>: stored mail into mailbox 'INBOX' Attached my dovecot configuration and a backtrace from gdb. Thanks, Marco -- #0 lmtp_local_rcpt_reply_overquota (rcpt=rcpt@entry=0x55ee1015b400, error=0x55ee101835c0 "Quota exceeded (mailbox for user is full)") at lmtp-local.c:136 address = lda_set = #1 0x55ee0dff5652 in lmtp_local_rcpt_check_quota (rcpt=0x55ee1015b400) at lmtp-local.c:231 box = 0x55ee10176ef8 status = {messages = 0, recent = 0, unseen = 0, uidvalidity = 0, uidnext = 0, first_unseen_seq = 0, first_recent_uid = 0, last_cached_seq = 0, highest_modseq = 0, highest_pvt_modseq = 0, keywords = 0x0, permanent_flags = 0, flags = 0, permanent_keywords = false, allow_new_keywords = false, nonpermanent_modseqs = false, no_modseq_tracking = false, have_guids = true, have_save_guids = true, have_only_guid128 = false} mail_error = MAIL_ERROR_NOQUOTA ret = client = address = 0x55ee10150770 user = 0x55ee101613e8 ns = error = 0x55ee101835c0 "Quota exceeded (mailbox for user is full)" #2 lmtp_local_rcpt_anvil_finish (rcpt=rcpt@entry=0x55ee1015b400) at lmtp-local.c:287 cmd = 0x55ee10150638 #3 0x55ee0dff5bf8 in lmtp_local_rcpt (client=client@entry=0x55ee10135aa8, cmd=cmd@entry=0x55ee10150638, data=data@entry=0x55ee10150728, username=, detail=0x7f6aa397e4c8 "") at lmtp-local.c:400 conn = address = 0x55ee10150770 trans = rcpt = 0x55ee1015b400 input = {parent_event = 0x0, module = 0x55ee0dff7dc3 "lmtp", service = 0x55ee0dff7dc3 "lmtp", username = 0x55ee100f4210 "usern...@example.com", session_id = 0x55ee10150af0 "pWtqHtE7X1rqEwAASpDaHg", session_id_prefix = 0x0, session_create_time = 0, local_ip = {family = 2, u = {ip6 = {__in6_u = { __u6_addr8 = "\223z\v\205", '\000' , __u6_addr16 = {31379, 34059, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {2232122003, 0, 0, 0}}}, ip4 = { s_addr = 2232122003}}}, remote_ip = {family = 2, u = {ip6 = {__in6_u = {__u6_addr8 = "\223z\030.", '\000' , __u6_addr16 = {31379, 11800, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {773356179, 0, 0, 0}}}, ip4 = {s_addr = 773356179}}}, local_port = 24, remote_port = 47292, userdb_fields = 0x0, Missing separate debuginfos, use: debuginfo-install cyrus-sasl-lib-2.1.26-21.el7.x86_64 dovecot-pigeonhole-2.3.0-4.x86_64 glibc-2.17-196.el7_4.2.x86_64 keyutils-libs-1.5.8-3.el7.x86_64 krb5-libs-1.15.1-8.el7.x86_64 libcom_err-1.42.9-10.el7.x86_64 libselinux-2.5-11.el7.x86_64 nspr-4.13.1-1.0.el7_3.x86_64 nss-3.28.4-15.el7_4.x86_64 nss-softokn-freebl-3.28.3-8.el7_4.x86_64 nss-util-3.28.4-3.el7.x86_64 openldap-2.4.44-5.el7.x86_64 openssl-libs-1.0.2k-8.el7.x86_64 pcre-8.32-17.el7.x86_64 zlib-1.2.7-17.el7.x86_64 flags_override_add = (unknown: 0), flags_override_remove = (unknown: 0), no_userdb_lookup = false, debug = false, conn_secured = true, conn_ssl_secured = false} service_user = 0x55ee10150dc8 session_id = 0x55ee10150af0 "pWtqHtE7X1rqEwAASpDaHg" error = 0x0
Share Website certificate with SSL/STL Dovecot IMAP and Postifix SMTP
Hi guys, I've bought a certificate from the authority for my website to use to access in https mode. Is it possible to share the same pairs to authenticate the emails sent by postfix and Dovecot in order to avoid that client as Hotmail.it or Gmail intercept these as Spam? Thank you
Maildir migration from Dovecot to Dovecot
Hello everbody, I'm a proud user of Dovecot 2.2.9 on Ubuntu 14.04 LTS. I currently migrate all my Linux services to a new Debian 8 Jessie Server. On this server I installed and configured Dovecot 2.2.24. Now I search a way to migrate the two IMAP users I have on this server preserving all timestamps, folders and flags. Yes, only two ;-) I read the following two articles: http://wiki2.dovecot.org/Tools/Doveadm/Sync http://wiki2.dovecot.org/Migration/Dsync But I must say, that either these articles are not so good, or I act quite dumb. I understand that I have to use "doveadm backup" against my old server to make a one sync with all properties of each mail. What I miss are proper examples and that there are so many options, I could set. But what confuses me most is the the configuration file in (http://wiki2.dovecot.org/Migration/Dsync) which I don't know how to reference? Am I using the wrong guides, are the article someway misleading or is there anything else I'm overlooking? Thank you so much! -- Marco Hofmann https://www.meinekleinefarm.net/ Twitter: @ZomboBrain
Re: Migrate Dovecot email archive
Yes, infact it's working: after thecopy I've switched mx record and server address on the email client so, the oldmailbox is not used. Mailstorage format was the same on both servers (mbox). I'vepreferred this approach than the use of Dsync or Imapsync tools. Il Lunedì 20 Giugno 2016 9:14, Steffen Kaiser <skdove...@smail.inf.fh-brs.de> ha scritto: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, 19 Jun 2016, Marco Usai wrote: > Yesterday I'vemigrated Dovecot mail archive between two servers using the > procedure below: > 1) Createon the new server the same email accounts existing on the old server. > 2) Transferthe "tarred" mail folder from the old to the new server. > For testingpurposes, on Outlook 2007 I've deleted a .pst cache file, forcing > the client todownload all emails again. > > The switchwas absolutely transparent without any problem. All the emails were > availableand Outlook 2007 noticed no changes. > Can Iconsider this a correct procedure or should I use some tools like Dsync ? If you do not change the mail storage format (Maildir -> dbox, or something like that), do not change 32bit -> 64bit, big / little endian a.s.o. and if you make sure the old mailbox is not accessed, while you copy the data over, it should work :-) In fact, I use "rsync". - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQEVAwUBV2eXs3z1H7kL/d9rAQKUUQf/WebZz4IiJogPyWO0vCvJVomDl12E/1cX fDz0FW7wceJrKIYmLfIJa5S4L2r1bimdfVimiPbs3ORMbBV37TXH8lErbLZMSrEi gjn7FI1Q6hF97Lrc1YSn9UkENp9M7bXpXsDPiuOn++KXZ+fM5QkSzKxV2F9YAoap J/efjEo/cliOiSYWC5R4yZ8bIY45x83kxMhWctH3ZQ/dCGWdiAgGxg0l+bP0AurV 7vEJhfhJxdV2FnaQtnhHHRuOFcIVBSyvDWkx9iQZ5ZiTnE9NDsVYf5gkPy+2dkrf XvtZ+G9HRaBGrCkqGJxWZTRzjgtnBYx6lxz+9zPgRVGpguKFR7Qnkg== =2W8A -END PGP SIGNATURE-
Migrate Dovecot email archive
Yesterday I'vemigrated Dovecot mail archive between two servers using the procedure below: 1) Createon the new server the same email accounts existing on the old server. 2) Transferthe "tarred" mail folder from the old to the new server. For testingpurposes, on Outlook 2007 I've deleted a .pst cache file, forcing the client todownload all emails again. The switchwas absolutely transparent without any problem. All the emails were availableand Outlook 2007 noticed no changes. Can Iconsider this a correct procedure or should I use some tools like Dsync ?
Migrate email account from Dovecot to Dovecot servers
Hello, 1) I needto migrate some mbox imap email accounts from a shared webhosting provider toanother one. 2) Bothservers seem to use Devecot, as a telnet command on port 143 shows an identicalresponse:* OK[CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE NAMESPACESTARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready. 3) I don'tknow Dovecot version because I don't have access to "dovecot --version"command. 4) I can'tuse "doveadm-sync" because the command is not available on my sharedhosting account. 5) I preferto leave imapsync perl script as the last option because I want to preserve theUID. So, I needto know what migration procedure can be adopted: if I copythe /home/user/mail/ directory containing all email account from the sourceserver to the destination server, can I expect to see all accounts working withall the emails transferred ? Should I firstcreate from cPanel all the email account with identical names and password onthe destination server ? Anysuggestion will be much appreciated. Thanks in advance!
Re: Re: Setting lmtp_user_concurrency_limit causes anvil permission error
Same problem here: Apr 26 15:01:37 posta-01 dovecot: lmtp(2432): Error: net_connect_unix(/var/run/dovecot/anvil) failed: Permission denied # ls -l /var/run/dovecot/anvil srw--- 1 root root 0 Apr 26 15:08 /var/run/dovecot/anvil but I don't use 'lmtp_rcpt_check_quota'. Marco On 2016-04-07 14:39, Tom Sommer wrote: On 2016-04-07 13:41, Tom Sommer wrote: I've set lmtp_user_concurrency_limit to 5 and now LMTP throws this at me for every delivery: Apr 07 13:38:33 lmtp(4434): Error: net_connect_unix(/var/run/dovecot/anvil) failed: Permission denied ls -l /var/run/dovecot/anvil srw--- 1 root root 0 Apr 7 13:32 /var/run/dovecot/anvil If I set lmtp_user_concurrency_limit to 0, the error goes away. Hrm, if I disable lmtp_rcpt_check_quota, then the error goes away as well. Very confusing. -- Marco Giunta - ITCS SysAdmin Via Bonomea, 265 34136 - Trieste, Italy Tel: +39-040-3787-503 Fax: +39-040-3787-244
problem with Sieve Duplicate Extension when used together with fileinto
e...@example.com): rSM3And3GFdFaQAAIDyJFw: sieve: msgid=<20160421064922.26919.68...@myhost.example.com>: stored mail into mailbox 'mail02' Apr 21 08:49:22 smtp-server dovecot: lmtp(use...@example.com): YVCsNPJ3GFd1dgAAIDyJFw: sieve: msgid=<20160421064922.26919.68...@myhost.example.com>: marked message to be discarded if not explicitly delivered (discard action) Apr 21 08:49:23 smtp-server dovecot: lmtp(use...@example.com): bSaBBU53GFdhbwAAIDyJFw: sieve: msgid=<20160421064922.26919.68...@myhost.example.com>: marked message to be discarded if not explicitly delivered (discard action) Apr 21 08:49:27 smtp-server dovecot: lmtp(use...@example.com): fSOyOtV3GFcmdAAAIDyJFw: sieve: msgid=<20160421064927.26926.28...@myhost.example.com>: stored mail into mailbox 'mail01' Apr 21 08:49:27 smtp-server dovecot: lmtp(use...@example.com): sSM3And3GFdFaQAAIDyJFw: sieve: msgid=<20160421064927.26926.28...@myhost.example.com>: stored mail into mailbox 'mail01' Apr 21 08:49:27 smtp-server dovecot: lmtp(use...@example.com): sSM3And3GFdFaQAAIDyJFw: sieve: msgid=<20160421064927.26926.28...@myhost.example.com>: stored mail into mailbox 'mail02' Apr 21 08:49:27 smtp-server dovecot: lmtp(use...@example.com): fSOyOtV3GFcmdAAAIDyJFw: sieve: msgid=<20160421064927.26926.28...@myhost.example.com>: stored mail into mailbox 'mail02' Apr 21 08:49:27 smtp-server dovecot: lmtp(use...@example.com): ZVCsNPJ3GFd1dgAAIDyJFw: sieve: msgid=<20160421064927.26926.28...@myhost.example.com>: marked message to be discarded if not explicitly delivered (discard action) As you can see, the message ID of a single sent, is the same, so the duplicate extension should work. If I replace the 'fileinto' rule with, for example, a 'setflag' rule: --- require ["fileinto", "duplicate", "imap4flags"]; if duplicate { discard; stop; } if address :is :all "to" "mai...@example.com" { setflag "\\seen"; } if address :is :all "to" "mai...@example.com" { setflag "\\seen"; } -- it works like a charm: for every mail sent, the duplicate extension works. What is it wrong ? someone has any clue ? Cheers, Marco -- Marco Giunta - ITCS SysAdmin Via Bonomea, 265 34136 - Trieste, Italy Tel: +39-040-3787-503 Fax: +39-040-3787-244
Re: Re: Accessing to mail as another user
Hi, we have such configuration in our Dovecot; it is configured with virtual users and acl. To enable access of userA mailbox to userB, first I have to add userB to userA acl, and then I put userA username in an ARBITRARY_FIELD of userB record in our ldap (if you use a db for your account, the configuration could be more simple). We use the ARBITRARY_FIELD to limit the access of other users mailboxes: the field is not writable by the user, only by administrators. Our config files: /etc/dovecot/conf.d/auth-master.conf.ext ... passdb { driver = ldap master = yes args = /etc/dovecot/dovecot-ldap.conf.masterusers pass = yes default_fields = userdb_mail=maildir:/path_to_mailboxes/%1{login_user}/%{login_user}:INDEXPVT=/path_to_indexes/%1n/%n/shared/%{login_user} } and in /etc/dovecot/dovecot-ldap.conf.masterusers ... pass_attrs = uid=user,userPassword=password pass_filter = (&(uid=%n)(accountStatus=active)(ARBITRARY_FIELD=%{login_user})) to login, you have to use the same way of a masteruser: Login: userA*userB Password: userB_password Cheers, Marco On 2016-02-10 07:49, Angel L. Mateo wrote: El 09/02/16 a las 13:44, Matthias Fechner escribió: do you maybe mean shared mailboxes: http://wiki.dovecot.org/SharedMailboxes I don't want shared mailboxes. I have to access the other mailbox as a complete separate account from my personal one. I think I can achive this with master user, but I need to found a way to configure permissions so the real user has access to all folders in the other mailbox. -- Marco Giunta - ITCS SysAdmin Via Bonomea, 265 34136 - Trieste, Italy Tel: +39-040-3787-503 Fax: +39-040-3787-244
How to apply the patch for disable SSL3 on Dovecot 2.0.9
Hi,I see on Dovecot 2.0.9 is no possibile disable SSL3 Until I wait the panel of my server will look into this issue and maybe put a more updated version, how I can fix this?I found on the Internet http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566 also link to the patch http://www.mail-archive.com/dovecot@dovecot.org/msg59945.html I don't know what to do for fix the SSL 3 Issue I AM On CentoOs 6.3Thanks.
Re: separate passdb for unix_listener
You can have a separate dovecot instance for smtp-auth and use that socket in postfix config. Just use a small config like the one below for the "auth only instance" and fire it up with "dovecot -F -c /etc/dovecot/dovecot-auth.conf" you can then copy and adapt the systemd script or what ever to start it automatically. in that sql-conf you just need a password_query, no user_query. --- base_dir = /var/run/dovecot-auth instance_name = dovecot-auth passdb { driver = sql args = /etc/dovecot/dovecot-auth-sql.conf.ext } # disable listeners service imap-login { inet_listener imap { port = 0 } inet_listener imaps { port = 0 } } service pop3-login { inet_listener pop3 { port = 0 } inet_listener pop3s { port = 0 } } service auth { unix_listener auth-userdb { #mode = 0666 #user = #group = virtual_mail } # Postfix smtp-auth socket unix_listener /var/spool/postfix/private/auth-smtp { mode = 0660 group = virtual_mail } # Auth process is run as this user. #user = $default_internal_user } --- On 06.10.2015 17:53, Damon wrote: > I want to use a separate passed for the unix_listener (postfix smtp-auth) so > i can limit access to the smtp server by user/domain using the postfixadmin > database. > I want to let users access map to receive email but not be able to send. > > Any ideas? > > Thanks > Damon
BUG: service(auth) crash when quota-status lookup an address with local-part starting with auth_master_user_separator
icy sender=john...@example.com recipient=;jane...@example.com size=1 action=DEFER_IF_PERMIT Internal error occurred. Refer to server log for more information. and server log: Sep 29 10:20:00 my_server dovecot: auth: userdb(?): Username character disallowed by auth_username_chars: 0x2a (username: *@example.com) Sep 29 10:20:31 my_server dovecot: auth: userdb(?): Username character disallowed by auth_username_chars: 0x2a (username: *jane...@example.com) Sep 29 10:20:54 my_server dovecot: auth: Panic: file auth-request.c: line 1252 (auth_request_set_login_username): assertion failed: (*username != '\0') Sep 29 10:20:54 my_server dovecot: auth: Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0 [0x3d70a7126a] -> /usr/lib64/dovecot/libdovecot.so.0 [0x3d70a712d6] -> /usr/lib64/dovecot/libdovecot.so.0 [0x3d70a70cac] -> dovecot/auth [0x4131eb] -> dovecot/auth(auth_request_set_username+0x94) [0x413284] -> dovecot/auth [0x40dc4c] -> dovecot/auth [0x40e60b] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x49) [0x3d70a82699] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xd5) [0x3d70a83a55] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x9) [0x3d70a82739] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x3d70a829b8] -> /usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13) [0x3d70a29233] -> dovecot/auth(main+0x383) [0x41cfc3] -> /lib64/libc.so.6(__libc_start_main+0xf4) [0x3302e1d9f4] -> dovecot/auth [0x40b5f9] Sep 29 10:20:54 my_server dovecot: quota-status: Error: userdb lookup(;@example.com): Disconnected unexpectedly Sep 29 10:20:54 my_server dovecot: auth: Fatal: master: service(auth): child 19941 killed with signal 6 (core dumps disabled) Sep 29 10:21:15 my_server dovecot: auth: Panic: file auth-request.c: line 1252 (auth_request_set_login_username): assertion failed: (*username != '\0') Sep 29 10:21:15 my_server dovecot: auth: Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0 [0x3d70a7126a] -> /usr/lib64/dovecot/libdovecot.so.0 [0x3d70a712d6] -> /usr/lib64/dovecot/libdovecot.so.0 [0x3d70a70cac] -> dovecot/auth [0x4131eb] -> dovecot/auth(auth_request_set_username+0x94) [0x413284] -> dovecot/auth [0x40dc4c] -> dovecot/auth [0x40e60b] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x49) [0x3d70a82699] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xd5) [0x3d70a83a55] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x9) [0x3d70a82739] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x3d70a829b8] -> /usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13) [0x3d70a29233] -> dovecot/auth(main+0x383) [0x41cfc3] -> /lib64/libc.so.6(__libc_start_main+0xf4) [0x3302e1d9f4] -> dovecot/auth [0x40b5f9] Sep 29 10:21:15 my_server dovecot: quota-status: Error: userdb lookup(;jane...@example.com): Disconnected unexpectedly Sep 29 10:21:15 my_server dovecot: auth: Fatal: master: service(auth): child 20758 killed with signal 6 (core dumps disabled) of course, I don't have any address '*@example.com' or '*jane...@example.com', but some bot in internet try to send emails to these addresses, and my Postfix ask my dovecot server for the quota of '*' or '*janedoe' user. I've solved the problem adding a REJECT rule to Postfix to discard the mail to '*@example.com' before the quota check, but this problem should be solved in Dovecot. thank you, Marco My configuration: # 2.2.15: /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.6 (3e924b1b6c5c+) # OS: Linux 2.6.18-406.el5 x86_64 Red Hat Enterprise Linux Server release 5.11 (Tikanga) ext3 auth_master_user_separator = * auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = sha1 disable_plaintext_auth = no doveadm_password = XXX doveadm_port = 12345 first_valid_uid = 200 hostname = myserver.example.com imap_client_workarounds = delay-newmail lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes lda_original_recipient_header = X-Original-To listen = * login_log_format_elements = user=<%u> PID=%p method=%m rip=%r lip=%l %c login_trusted_networks = XXX.XXX.XXX.XXX mail_gid = mail mail_home = /var/spool/mail/%1n/%n mail_location = maildir:/var/spool/mail/%1n/%n:INDEX=/var/shared/indexes/%1n/%n mail_plugins = acl mailbox_alias quota mail_shared_explicit_inbox = yes mail_uid = vmail maildir_very_dirty_syncs = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate vacation-seconds imapflags notify mbox_write_locks = fcntl mmap_disable = yes namespace archives { hidden = no inbox = no list = children location = maildir:/var/spool/archives/%1n/%n:IN
Re: mirroring one domain.tld to domain.tld.au
On 28.09.2015 16:47, voy...@sbt.net.au wrote: > I have Postfix/Dovecot/postfixadmin/MySQL with several virtual mailbox > domains > > one of the domains is like aname.com.au, the user also now has aname.com, > and, would like to 'mirror' most of the addresses to be u...@aname.com, > THOUGH, some are to remain as us...@aname.com.au I usually do this by having 4 tables in mysql: hosting (links everything together, links to a product table, quota, what ever) domains (domainnames) accounts (homedir, password, etc.) usernames - one hosting has many accounts - one hosting has many domains (domain aliases) - one account has many usernames (localpart aliases for same account) then you can match like anything you want out of this and you use similar queries for postfix and dovecot. in the domains table you could have a column boolean "maindomain" and in the account table you have a column "maindomain_only"... for my use, users don't care if there are other alias combinations - they just don't use it then. but they can login with any combination of @ and it's still only one mail directory per account. it's also a good idea to name the maildirectory like /, so you don't have the domain / username hardcoded anywhere. just some thoughts, works great for me - but depends on your exact use case. you can do like anything you want in SQL for postfix and dovecot keep performance in mind though :-) > > so, both u...@aname.com as well as u...@aname.com.au should be one user > > the users retrive emails as u...@aname.com.au > > longer term... some would want to use aname.com.au. some, aname.com > > what's the best/proper way to do so in Dovecot ? > > I think I can do Postfix with postfixadmin to "Mirror addresses of one of > your domains to another." > > but what do I do at the Dovecot end...? > > thanks for any pointers, suggestions or advice
Re: distuguish between different domains
>> the dovecot service does not care about the server dns name. the dns >> name resolves to the IP address on the client (roundcube) and the client >> connects to the server. if the same dovecot instance listens to all / >> both IP address, client will end up on this dovecot instance and all >> valid user-password combinations are authorized. that's the way it has >> to be, otherwise virtual / mass virtual domain hosting would not be >> possible as you cannot spawn 1000 instances on the same machine (ok, in >> theory you could do that :D) > No, it's only impossible if you are using passdb or otherwise > authenticating against real users of the system. If you are using > virtual users (SQL, LDAP, etc.), you can include the domain name in the > auth lookups. > > Andreas was asking about the fqdn where the imap client is connecting to, not the user name / e-mail address. you can use localpart and domain from the email address in passdb / userdb lookups but dovecot (imap) is nothing like http where you send the a hostname of the site you're conncting to in the header.
Re: BUG: service(auth) crash when quota-status lookup an address with local-part starting with auth_master_user_separator
On 2015-09-29 11:06, Timo Sirainen wrote: On 29 Sep 2015, at 11:36, Marco Giunta <giu...@sissa.it> wrote: > but a better fix would be to disale the separator for these lookups. I think something like this would work: auth_master_user_separator = * protocol quota-status { # disable auth_master_user_separator = } Thank you Timo, this works like a charms on 2.2.16; I'm waiting 2.2.19 to update my servers. Marco -- --- |Marco Giunta - SISSA Computer Staff| |Via Bonomea, 265 | |34136 - Trieste, Italy | |Tel: +39-40-3787-503 | |Fax: +39-040-3787-244 | |e-mail: giu...@sissa.it| ---
Re: distuguish between different domains
On 28.09.2015 10:48, Andreas Meyer wrote: > Hello! > > Marco Fretz <marco.fr...@gmail.com> schrieb am 28.09.15 um 08:29:59 Uhr: > >> Hi Andreas, >> >> I'm not 100% sure what you're trying to accomplish. >> >> smtp_server in roundcube is the outgoing server (submission server, i.e. >> postfix). Mailbox is IMAP (dovecot). >> You can easily spawn 2 instances of dovecot, one serving aaa.de and one >> serving bbb.de on different IPs. > How do I do this? http://wiki2.dovecot.org/RunningDovecot I do this by creating a 2nd startup script / systemd service you can then use another dovecot config file and specify different listen IPs (and Ports). This is also useful for different SSL certs per domain / ip, etc. > >> What exactly is the problem with 2 domains on one dovecot? I mean user >> @aaa.de usually does not have the password for @bbb.de and vise versa. > What is irritating me is that when there are two domains served by > dovecot, in the client I can specify server.aaa.de although I have > an email-address u...@bbb.de and connect as such. > > For my understanding it should not be possible to connect to server > server.aaa.de with an address line u...@bbb.de and dovecot serves > the mailbox of that user. the dovecot service does not care about the server dns name. the dns name resolves to the IP address on the client (roundcube) and the client connects to the server. if the same dovecot instance listens to all / both IP address, client will end up on this dovecot instance and all valid user-password combinations are authorized. that's the way it has to be, otherwise virtual / mass virtual domain hosting would not be possible as you cannot spawn 1000 instances on the same machine (ok, in theory you could do that :D) > >> About the sending server in roundcube: I don't think there is a way to >> have a different submission server for different sender domains in >> roundcubde. But you could use the postfix configuration to map sender >> domains to different outgoing connection IPs. > Postfix is not the problem. It's the login into the IMAP-server that > is irritating me. Or am I completely wrong? > > Regards > > Andreas
Re: distuguish between different domains
Hi Andreas, I'm not 100% sure what you're trying to accomplish. smtp_server in roundcube is the outgoing server (submission server, i.e. postfix). Mailbox is IMAP (dovecot). You can easily spawn 2 instances of dovecot, one serving aaa.de and one serving bbb.de on different IPs. What exactly is the problem with 2 domains on one dovecot? I mean user @aaa.de usually does not have the password for @bbb.de and vise versa. About the sending server in roundcube: I don't think there is a way to have a different submission server for different sender domains in roundcubde. But you could use the postfix configuration to map sender domains to different outgoing connection IPs. Does this help? If not, please tell us more about what you're trying to do. regards Marco On 27.09.2015 19:53, Andreas Meyer wrote: > Hello! > > I asked myself wether it is possible to distinguish between > different doamins in dovecot so that a user only sees his > mailbox when he is connecting with us...@aaa.de specifying > the server with mail.aaa.de for example. > > So the server does not handout the mailbox for us...@bbb.de > when the client connects to mail.aaa.de as us...@bbb.de > > I have this problem with roundcube. Dovecot is responisble > for two domains. With roundcube I can login as us...@aaa.de > altough the client is configured like so: > $config['smtp_server'] = 'tls://mail.bbb.de'; > and I am landing in the mailbox of us...@aaa.de > > Is there a way to striktly differentiate between doamins? > Both domains have their own IP-addresses. > > Regards > > Andreas
Re: Problem with SHA2/Geotrust and dovecot 2.0.9
Hi, does the cert work if you open and output it as text with openssl command? not sure if 2.0.9 does support sha2, I think it should - I guess it actually depends on openssl libs not dovecot. On 08.09.2015 15:17, Il Neofita wrote: > Hi > I have renew my geotrust certificate using sha2, and I have problem with > Dovecot 2.0.9 and redhat 6.7. > The same certificate is working in Apache. > > The error is > > dovecot: imap-login: Fatal: Can't load ssl_cert: There is no valid PEM > certificate. > > and the configuration file is > > ssl_cert= ssl_key = ssl_ca = > What I should do?
Re: Sieve and forward
Hi, I think the problem is you cannot resign the forwarded message... and if you keep the original sender domain it looses the signature? I'm not a DKIM guru though :-) Maybe just forward it as attachment from the users address... regards Marco On 18.09.2015 00:36, Il Neofita wrote: > Hi > I have already posted to the postfix group, however, I believe that sieve > and dovecot should be able to fix this problem. > When I receive a message from yahoo and the user forward it to a gmail or > yahoo acount this email is considered as spam or rejected. > From yahoo is rejected since it seems that I am try to send spam since the > email should be signed with dkim. > Is there a way to encpuslated or sign in some way. > > Thank you
Re: Multiple passwords for a user (SQL)
I managed to write a ugly but working checkpassword script for dovecot, having multiple passwords for a user. But now I found this: https://github.com/dweuthen/roundcube-application_passwords I think this is the better way to go. the crypt passwords are the biggest problem because you need the stored hash to generate the input hash. I know this is safer, but in my opinion SHA2 or what ever is best available hash in mysql something should do it as well. having application passwords is a bigger security advantage than having stronger hashes in the database. correct me if I'm wrong :-) best regards Marco On 06.10.2014 16:46, Marco Fretz wrote: > > Thank you Steffen, > > This sounds like a plan. checkpassword looks quite simple to use and I > could still use default userdb with dovecot-sql for userhome, quota, etc. > I'll give this a try. > > thanks > Marco > > Am 06.10.2014 13:52, schrieb Steffen Kaiser: > > On Mon, 6 Oct 2014, Marco Fretz wrote: > > >> corresponding user in the users table - one use has many passwords > (1:n). > >> for dovecot this means that it will get multiple rows with passwords > >> back from the "password_query". is there a way to tell dovecot to check > >> all those returned passwords and "pass" the request if one of those > >> passwords match? > > > I think no, but you could craft a PAM module and use the pam passdb or > supply a checkpassword script: > > > http://wiki2.dovecot.org/PasswordDatabase > > > -- Steffen Kaiser >
Re: bug in acl_defaults_from_inbox option
On 2015-09-07 23:10, Timo Sirainen wrote: This happens to all boolean settings inside plugin {}. Not ideal, but also not something that will get fixed without some larger settings code changes. ok, no problem, but I didn't find this note on Dovecot wiki; maybe it is better to add it on a general page about configuration, to save future sysadmin headaches ;-) -- --- |Marco Giunta - SISSA Computer Staff| |Via Bonomea, 265 | |34136 - Trieste, Italy | |Tel: +39-40-3787-503 | |Fax: +39-040-3787-244 | |e-mail: giu...@sissa.it| ---
sharing INBOX with ACL - share all folders
Hi at all, I have a problem with ACL; I want to share INBOX and Sent folder to an other user, but when I configure ACL on INBOX, all folders are shared (Sent, Junk, Draft, Trash, etc) # doveadm acl get -u janedoe INBOX ID Global Rights user=johndoeexpunge insert lookup post read write write-deleted write-seen # doveadm acl get -u janedoe Sent ID Global Rights user=johndoeexpunge insert lookup post read write write-deleted write-seen # doveadm acl get -u janedoe Trash ID Global Rights # doveadm acl get -u janedoe Drafts ID Global Rights # doveadm acl get -u janedoe Junk ID Global Rights # doveadm mailbox list -u johndoe Trash Junk Drafts Sent Archives Archives.2015 Other Users Other Users.janedoe Other Users.janedoe.Junk Other Users.janedoe.Drafts Other Users.janedoe.Sent Other Users.janedoe.Trash Other Users.janedoe.INBOX INBOX If I remove the INBOX ACL, only 'Sent' folder is shared, as expected: # doveadm acl delete -u janedoe INBOX johndoe # doveadm mailbox list -u provahe Trash Trash.saved-messages Junk Drafts Sent INBOX_spam Archives Archives.2015 Archives.2015.INBOX_spam Other Users Other Users.janedoe Other Users.janedoe.Sent INBOX My Dovecot instance use a single user, and all my mailboxes use standard maildir files: drwx-- 9 vmail mail0 Jul 28 10:59 . drwx-- 12 vmail mail 3864 Jul 28 09:39 .. drwx-- 2 vmail mail0 Jul 28 09:51 cur -rw--- 1 vmail mail0 Jul 28 10:59 dovecot-acl -rw--- 1 vmail mail 16 Jul 28 10:59 dovecot-acl-list -rw--- 1 vmail mail 1448 Jul 28 09:51 dovecot.index.cache -rw--- 1 vmail mail 1016 Jul 28 09:52 dovecot.index.log -rw--- 1 vmail mail 113 Jul 28 09:51 dovecot-uidlist -rw--- 1 vmail mail8 Jul 28 09:39 dovecot-uidvalidity -r--r--r-- 1 vmail mail0 Jul 28 09:39 dovecot-uidvalidity.55b731ac drwx-- 5 vmail mail0 Jul 28 09:39 .Drafts lrwxrwxrwx 1 vmail mail5 Jul 28 09:39 .INBOX_spam - .Junk drwx-- 5 vmail mail0 Jul 28 09:39 .Junk -rw--- 1 vmail mail 16 Jul 28 09:39 maildirsize drwx-- 2 vmail mail0 Jul 28 09:51 new drwx-- 5 vmail mail0 Jul 28 09:50 .Sent -rw--- 1 vmail mail 37 Jul 28 09:39 subscriptions drwx-- 2 vmail mail0 Jul 28 09:51 tmp drwx-- 5 vmail mail0 Jul 28 09:39 .Trash any clue to solve my problem ?? I've already try to play with 'acl_defaults_from_inbox' setting, but no way .. Thank you, Marco # 2.2.15: /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.6 (3e924b1b6c5c+) # OS: Linux 2.6.18-400.1.1.el5 x86_64 Red Hat Enterprise Linux Server auth_master_user_separator = * auth_mechanisms = plain login disable_plaintext_auth = no doveadm_password = doveadm_port = 12345 first_valid_uid = 200 hostname = xxx.sissa.it imap_client_workarounds = delay-newmail lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes lda_original_recipient_header = X-Original-To listen = * login_log_format_elements = user=%u PID=%p method=%m rip=%r lip=%l %c login_trusted_networks = XXX.XXX.1.172/30 XXX.XXX.24.0/23 mail_gid = mail mail_home = /var/spool/mail/%1n/%n mail_location = maildir:/var/spool/mail/%1n/%n:INDEX=/var/shared/indexes/%1n/%n mail_plugins = acl fts fts_solr mailbox_alias quota mail_shared_explicit_inbox = yes mail_uid = vmail maildir_very_dirty_syncs = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate imapflags notify mbox_write_locks = fcntl mmap_disable = yes namespace archives { hidden = no inbox = no list = children location = maildir:/var/spool/archives/%1n/%n:INDEX=/var/shared/indexes/%1n/%n/archives mailbox 2015 { auto = subscribe special_use = \Archive } prefix = Archives. separator = . subscriptions = no type = private } namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox INBOX_spam { auto = subscribe special_use = \Junk } mailbox Junk { auto = subscribe special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = . } namespace others { list = children location = maildir:/var/spool/mail/%%1n/%%n:INDEXPVT=/var/shared/indexes/%1n/%n/shared/%%n prefix = Other Users.%%n. separator = . subscriptions = no type = shared } passdb { args = /etc/dovecot/passwd.masterusers driver = passwd-file master = yes pass = yes } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { acl = vfile:/etc/dovecot/global-acls:cache_secs=300 acl_defaults_from_inbox = no acl_shared_dict = file:/var/shared/dovecot/shared-mailboxes.dict fts
bug in acl_defaults_from_inbox option
Hi at all, there is a bug in in acl_defaults_from_inbox option: if you define it with ANY value ('yes', 'no', 'whatyouwant', 'xxx') it acts like the value is ALWAYS 'yes', and Dovecot enable it; the only way to disable it, is comment it or delete from configuration file. With 'acl_defaults_from_inbox = no', or 'acl_defaults_from_inbox = whatyouwant', all my folders get ACLs from INBOX; in my case I want to only share INBOX, but also all other folders were shared. When you comment 'acl_defaults_from_inbox', Dovecot works like expected. Marco # 2.2.15: /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.6 (3e924b1b6c5c+) # OS: Linux 2.6.18-400.1.1.el5 x86_64 Red Hat Enterprise Linux Server auth_master_user_separator = * auth_mechanisms = plain login disable_plaintext_auth = no doveadm_password = doveadm_port = 12345 first_valid_uid = 200 hostname = xxx.sissa.it imap_client_workarounds = delay-newmail lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes lda_original_recipient_header = X-Original-To listen = * login_log_format_elements = user=%u PID=%p method=%m rip=%r lip=%l %c login_trusted_networks = XXX.XXX.1.172/30 XXX.XXX.24.0/23 mail_gid = mail mail_home = /var/spool/mail/%1n/%n mail_location = maildir:/var/spool/mail/%1n/%n:INDEX=/var/shared/indexes/%1n/%n mail_plugins = acl fts fts_solr mailbox_alias quota mail_shared_explicit_inbox = yes mail_uid = vmail maildir_very_dirty_syncs = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate imapflags notify mbox_write_locks = fcntl mmap_disable = yes namespace archives { hidden = no inbox = no list = children location = maildir:/var/spool/archives/%1n/%n:INDEX=/var/shared/indexes/%1n/%n/archives mailbox 2015 { auto = subscribe special_use = \Archive } prefix = Archives. separator = . subscriptions = no type = private } namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox INBOX_spam { auto = subscribe special_use = \Junk } mailbox Junk { auto = subscribe special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = . } namespace others { list = children location = maildir:/var/spool/mail/%%1n/%%n:INDEXPVT=/var/shared/indexes/%1n/%n/shared/%%n prefix = Other Users.%%n. separator = . subscriptions = no type = shared } passdb { args = /etc/dovecot/passwd.masterusers driver = passwd-file master = yes pass = yes } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { acl = vfile:/etc/dovecot/global-acls:cache_secs=300 acl_defaults_from_inbox = no acl_shared_dict = file:/var/shared/dovecot/shared-mailboxes.dict fts = solr fts_autoindex = yes fts_autoindex_max_recent_msgs = 20 fts_solr = url=http://solr.localdomain:8080/solr/ mailbox_alias_new = INBOX_spam mailbox_alias_old = Junk quota = maildir:User quota:ns= quota2 = maildir:Archive quota:ns=Archives. quota2_rule = *:storage=20GB quota2_warning = storage=95%% quota2-warning 95 %u quota2_warning2 = storage=90%% quota2-warning 90 %u quota2_warning3 = storage=80%% quota2-warning 80 %u quota_rule = *:storage=5GB quota_rule2 = Trash:storage=+20%% quota_status_nouser = DUNNO quota_status_overquota = 552 5.2.2 Quota exceeded (mailbox for user is full) quota_status_success = DUNNO quota_warning = storage=100%% quota-warning 100 %u quota_warning2 = storage=95%% quota-warning 95 %u quota_warning3 = storage=90%% quota-warning 90 %u quota_warning4 = storage=80%% quota-warning 80 %u sieve = file:~/sieve;active=~/sieve/.dovecot.sieve sieve_default = /etc/dovecot/sieve/dovecot.sieve sieve_extensions = +notify +imapflags sieve_max_redirects = 16 } pop3_client_workarounds = outlook-no-nuls oe-ns-eoh postmaster_address = postmas...@sissa.it protocols = imap pop3 lmtp sieve rejection_reason = Your message to %t was automatically rejected for the following reason: %n%n%r service auth { inet_listener { port = 49494 } unix_listener auth-userdb { user = vmail } } service dict { unix_listener dict { user = vmail } } service doveadm { inet_listener { port = 26001 } } service imap-login { process_min_avail = 16 service_count = 0 } service imap { process_limit = 2048 } service lmtp { inet_listener lmtp { port = 24 } process_min_avail = 5 } service managesieve-login { inet_listener sieve { port = 4190 } inet_listener sieve_deprecated { port = 2000 } process_min_avail = 16 service_count = 0 vsz_limit = 256 M } service quota-status { client_limit = 1
Re: sharing INBOX with ACL - share all folders
Hi Chris, fortunately I've solved the problem with INBOX sharing: there is a bug with option 'acl_defaults_from_inbox'. When you define it with ANY value ('yes', 'no', 'whatyouwant', 'xxx') it acts like the value is ALWAYS 'yes', the only way to disable it, is comment it or delete from configuration file. My Maildir directories and files are all owned by the UNIX user that owns the file. to avoid problems with acl, mailbox sharing and so on, I've changed my configuration from different UNIX users to a single virtual user some years ago Is having it all running as one [UNIX] user a typical configuration for dovecot2? Or just typical of installations using ACLs? I don't know if is typical or not, but it is very simple, and till now I didn't seen any particular problem My configuration is attached in the first email; if you need some explanation, let me know. Marco On 2015-07-28 16:38, Chris Ross wrote: On Jul 28, 2015, at 05:13, Marco Giunta giu...@sissa.it wrote: Hi at all, I have a problem with ACL; I want to share INBOX and Sent folder to an other user, but when I configure ACL on INBOX, all folders are shared (Sent, Junk, Draft, Trash, etc) Hello, Marco. Unfortunately I don’t know why you are seeing the behavior you are, and hope that someone else will be able to help. However, you seem to have accomplished something I’m wanting to do, and have as yet been unable to get working. I have a Users INBOX that I want to share to other users, but something is wrong with the way I’ve configured ACLs and sharing. Perhaps we could discuss off-list more of what your configuration looks like, and how you got there? I’m running on FreeBSD with the ports system version of dovecot2 2.2.16, currently, although I think I’m due an upgrade. You say you’re have My Dovecot instance use a single user”, and I think that’s different than I. My Maildir directories and files are all owned by the UNIX user that owns the file. Maybe this is causing me the permissions problems I’m seeing. Is having it all running as one [UNIX] user a typical configuration for dovecot2? Or just typical of installations using ACLs? Thank you. - Chris -- --- |Marco Giunta - SISSA Computer Staff| |Via Bonomea, 265 | |34136 - Trieste, Italy | |Tel: +39-40-3787-503 | |Fax: +39-040-3787-244 | |e-mail: giu...@sissa.it| ---
Multiple passwords for a user (SQL)
Hi everyone, I'm not sure if this has been discuessed already as I coun't find anything in the archives - maybe I'm looking for the wrong thing. I want to build something similar to googles app passwords where your use a different password (strong, auto generated) for each device / app. In general I think this is pretty easy on the database side as I just need a password table and link say the passwords with an user_id to the corresponding user in the users table - one use has many passwords (1:n). for dovecot this means that it will get multiple rows with passwords back from the password_query. is there a way to tell dovecot to check all those returned passwords and pass the request if one of those passwords match? thank you, best regards Marco
Re: Multiple passwords for a user (SQL)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thank you Steffen, This sounds like a plan. checkpassword looks quite simple to use and I could still use default userdb with dovecot-sql for userhome, quota, etc. I'll give this a try. thanks Marco Am 06.10.2014 13:52, schrieb Steffen Kaiser: On Mon, 6 Oct 2014, Marco Fretz wrote: corresponding user in the users table - one use has many passwords (1:n). for dovecot this means that it will get multiple rows with passwords back from the password_query. is there a way to tell dovecot to check all those returned passwords and pass the request if one of those passwords match? I think no, but you could craft a PAM module and use the pam passdb or supply a checkpassword script: http://wiki2.dovecot.org/PasswordDatabase -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJUMqs9AAoJEKxm7Ju3UATuwIcP/jOLvioR1EsJCkhsHMG2GgoV bvafQznk8KOhTcTW0X3CrPRoV7D7Lmotw+2W3Z/YFR9w48ra/Tlf25PRGg7tv+KE Wx5xTFKZDzoXgW3Nn7Jg0ylBvgYTQQRFEZWBbwn+N/7hMfHagw0H66iaMqw3LV6A d6BnxjHI+Iq1w7EPPpplsMeqLMxSEbv1t7YrqC5n/ydnllRe7j4WFbkMYywAYxR5 WN8SfhuhvxFec3nSOftCVbVvVSFsAPN/n2OYxgVl5LvgLUdI9NUyqpxA/Rj2KVhb +V+/NB/TKEpIBe1Byeb1W8cLeijmgDWXiEQQhG8+3ld21cabqEyQvrRN93FJzHBx n71NTpNul98bZW4BPh4U2uzJMdDzbo8aD5WMJFwczrLwDj/CNhU2W2gh14F4AyhG W9eNRXn9ntdJ2hxhlCb8csLMf9rHd/XgzZkfGEzyvJKPRDONdD7HslP3gFAKo0du xoGe6fw3FJuGg16KkRFWE/dE25fk2y34iliqS1G3j4owMlj79pLV1JsDDI5A1heV f3JNUfMhb1b5lGAI31YoqG5/Ls/0bkMUT6p+BU2ZezYFAUSA2M3EwpsaJkwyu7Ov YTbAG7JOzp7dp/bk6R1PGg11qc9yDHBS4Rm4J+rdLFZ3ibImZ/+0Meb1pRbKLGwV iRaVYK07ag276MQqoLg3 =krqF -END PGP SIGNATURE-
[Dovecot] virtual mailboxes folder structure
Hi, I am trying to find a way to list my virtual mailboxes hiding the namespace prefix into my imap client. Fore example now my “All” mailbox is listed under virtual/ as: Inbox Sent Drafts Spam Trash - virtual All I would like to list as this: Inbox Sent Drafts Spam Trash All This is my 10-mail.conf: http://pastebin.com/DumEbbmy and this is my 15-mailboxes.conf: http://pastebin.com/QFzWGzyC I thought that the list = children paramenter would do but it did not. Thank you
[Dovecot] virtual mailboxes folder structure
Hi, I am trying to find a way to list my virtual mailboxes hiding the namespace prefix into my imap client. Fore example now my “All” mailbox is listed under virtual/ as: Inbox Sent Drafts Spam Trash virtual All I would like to list as this: Inbox Sent Drafts Spam Trash All This is my 10-mail.conf: http://pastebin.com/DumEbbmy and this is my 15-mailboxes.conf: http://pastebin.com/QFzWGzyC I thought that the list = children paramenter would do but it did not. Thank you
[Dovecot] virtual mailboxes folder structure
Hi, I am trying to find a way to list my virtual mailboxes hiding the namespace prefix into my imap client. Fore example now my “All” mailbox is listed under virtual/ as: Inbox Sent Drafts Spam Trash virtual All I would like to list as this: Inbox Sent Drafts Spam Trash All This is my 10-mail.conf: http://pastebin.com/DumEbbmy and this is my 15-mailboxes.conf: http://pastebin.com/QFzWGzyC I thought that the list = children paramenter would do but it did not. Thank you
[Dovecot] Grant access for Unix-User _and_ virtual Users
Hi group, I have installed a postfix as an MTA and configured two main domains as well as two virtual mailbox domains. Normal unix users have their maildir in their homes (/home/%u) and the virtual mailboxes are located in /var/mail/vhosts. It works well, I only have a problem configuring dovecot. I wondered if it's possible to configure it in a way that both, unix users and virtual users, can access their mailboxes. I found some tutorials but they either give access to the normal unix users or to virtual users who are defined in a text file. Here some system infos: - Ubuntu 12.04.2 LTS (Kernel Version: 3.2.0-23) - Dovecot Version: 2.0.19 Hope you understand my problem. Cheers, Marco PS: It's the very first time I use a mailing list, so I hope you can forgive me possible beginner's mistakes.
Re: [Dovecot] Grant access for Unix-User _and_ virtual Users
Hi, In Dovecot you configure one or more password databases and one or more user databases. s. http://wiki2.dovecot.org/Authentication/MultipleDatabases that covers system user + virtual users. Thank you very much. That is exactly that I searched for. Or you can use the static userdb for virtual users and passwd userdb for system users, but place userdb passwd { } before userdb static { }. I think the static version is comfortable for me. Thanks again for your advice. Later, when you know more about Dovecot, you can make the config more efficient. I hope so. This whole mailserver issue is very interesting but also difficult for beginners. Cheers, Marco
Re: [Dovecot] Log successful login plain text password
On 08/28/2013 10:36 AM, wk...@yahoo.com wrote: Maybe you can find a way in this direction http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes This looks interesting. Looks like I could automate also a lot of other stuff this way, e.g. imap syncing accounts to new server, etc. I found out that auth_debug_passwords=yes does log passwords (also successful logins) in proxy mode. But it does not in normal imap/pop server mode, or I did something wrong... It logs something like this: Aug 28 11:13:03 barney dovecot: auth: Debug: client out: OK#0111#011user=ma...@example.com#011host=imap.example.com#011nologin#011proxy#011pass=CLEARPASWORD where CLEARPASWORD is the plain text password.that's pretty much what I need. but using some postlogin script might be the more beautiful way... thanks you all for the responses. all the best On 28.08.2013, at 09:14, Marco Fretz wrote: On 08/28/2013 09:08 AM, wk...@yahoo.com wrote: Hi Marco when running dovecot -a you will find auth_* I think you could you auth_verbose_passwords to fit your needs. thanks. I've already tried this, but it doesn't log the password on successful logins, only when there is password missmatch: from the conf / manual: # In case of password mismatches, log the attempted password. Valid values are # no, plain and sha1. sha1 can be useful for detecting brute force password # attempts vs. user simply trying the same password over and over again. #auth_verbose_passwords = no any other ideas? :) all the best On 28.08.2013, at 08:57, Marco Fretz wrote: Hi everyone, I want to use dovecot as a IMAP and POP3 proxy in front of our current E-Mail hosting server to log the plain text passwords of all successful logins for migration reasons. Actually I don't need the password to see in plain text, storing them as SHA256-CRYPT (or something dovecot can use later for auth) hash in a file or DB would be fine, too. I need this for the migration from the current mail server (using proprietary hashing to store passwords) to a new postfix / dovecot base mail system. I played around with auth_debug_passwords and all debug / logging options I found in the manual. Nothing logs successful login plaintext passwords. Any hint welcome. Thanks a lot, Marco
[Dovecot] Log successful login plain text password
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi everyone, I want to use dovecot as a IMAP and POP3 proxy in front of our current E-Mail hosting server to log the plain text passwords of all successful logins for migration reasons. Actually I don't need the password to see in plain text, storing them as SHA256-CRYPT (or something dovecot can use later for auth) hash in a file or DB would be fine, too. I need this for the migration from the current mail server (using proprietary hashing to store passwords) to a new postfix / dovecot base mail system. I played around with auth_debug_passwords and all debug / logging options I found in the manual. Nothing logs successful login plaintext passwords. Any hint welcome. Thanks a lot, Marco -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSHZ9tAAoJEKxm7Ju3UATui2cP/A3cf2TrNvOjjtP1TCgZZ5EC igsgngPlKiXU/RwHO9shBLXUyhKDHPGihNf9KL/RjoFnrgX1asPd/RF/2b080IU3 bNO49BLs8QqoroKz5E+TL8UNixlO5YQjnerKfJ5GIJbSUTC3MaxmN62Cl9jEaTWu 4dX3MXoB3ghoxt6FETSLXz6cEXsGd6KvqxolQC13NYtvpZED+qk7z3RywK8Xp/Au Ipx3xEnDRc/YvG3PeJlsjF9Ge80GxVVH0nudNOV/zmyuNfh4PkPRerk1R4Px01zI sxnXvcNjjenCJ6DMKBmOCyBii9Wl9i4opw9k4X4Z6MFEZGiodRz1usKWJMT0VqUG NBEJDOWsoWpasWMCtduBRrNQS3JI+o1tebDAI5n3K4lJ2d27+nosDvdQ8vNlVszM 8nhSn228RQNy9SJZNAvspOYQBM2gt5IQyWGA4jhrMUkwKeTfHZik8vh8lEcwbK9q H6Myue+i+G8wVa57F1V7/7x2LNGn56BWxTDlBrtKdK3KphCgEoCny/f5VYerO8It MnCMLPXI2oCC8qqkK7x45SYSe/eQhgV93LHpI5z25TqyeJ6R+7dglderRDQcNN0n OtbYMYkqlF8xJ4k+rVFwOC5VD7Bq+S2Q4LyLEf7wFH32Dc12pI/SnAL8DPvkNgbL FshgaVOXUEkb0WhnvROl =oEzx -END PGP SIGNATURE-
Re: [Dovecot] Log successful login plain text password
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/28/2013 09:08 AM, wk...@yahoo.com wrote: Hi Marco when running dovecot -a you will find auth_* I think you could you auth_verbose_passwords to fit your needs. thanks. I've already tried this, but it doesn't log the password on successful logins, only when there is password missmatch: from the conf / manual: # In case of password mismatches, log the attempted password. Valid values are # no, plain and sha1. sha1 can be useful for detecting brute force password # attempts vs. user simply trying the same password over and over again. #auth_verbose_passwords = no any other ideas? :) all the best On 28.08.2013, at 08:57, Marco Fretz wrote: Hi everyone, I want to use dovecot as a IMAP and POP3 proxy in front of our current E-Mail hosting server to log the plain text passwords of all successful logins for migration reasons. Actually I don't need the password to see in plain text, storing them as SHA256-CRYPT (or something dovecot can use later for auth) hash in a file or DB would be fine, too. I need this for the migration from the current mail server (using proprietary hashing to store passwords) to a new postfix / dovecot base mail system. I played around with auth_debug_passwords and all debug / logging options I found in the manual. Nothing logs successful login plaintext passwords. Any hint welcome. Thanks a lot, Marco -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSHaM2AAoJEKxm7Ju3UATuaDcQAIIisd1T999xbuP8fBP19gAV c0/rMGZxy69P2QLp7Y3Lwn6LXXeAiICFWRBtXkoOsVzGXazM+IB6OMr2H3Xa/37v kyO3nfS9+nD3crzPIVM6pQKnDH5ON8Jwr1Y7pufnwb5cvxZzrcB4hZk+dFcLu9eN wwAAB0mRuT1b3gqnX8rtVqqDQPF+vgefrEDEDxysO7fq7I+RlWsbHDKV4porGkd8 3mf+PoQ+QmStgMyVh906taGpainYaARe0O5yoeAO/5/jTOODrzT6vcwv4ffDcp/p NGZUtpomPw9+C4/BXBwPPlYcUNCktaxpVFp5LyBnOLs9WckDZzNpzD0m/HjvFmEI WvgFh3QPK1APTKwsLD1YArfHGqs7/tJRhPDPTI9oO7Y55WP6hJvMNNji0eihDwoG SO7dQkfs/3jIx0AwNN/2M/cT/zBTCPsuqyhAimRMStxR/TYbp9pXxBwAjRv16NS5 NwoL0nXnyPUt+l3deYiYF+wMJG8LVVn11UXTrwEJ7hzIfkiOs9EHKAdKznw74ryl FaqVL3D52cLdYUpfVVj1GaLQT+eIxP9uRbzIKLGzTR6bYWYX4W3YwflicPt9HozH 5H/1eiXXbEu44/h5jbZ2+AAncwsLomBC5fJYRiyZVZcXSozpRFhKkk5q7LSwZtVM WgX/qVgpWSKAsuTPbgtG =C9DH -END PGP SIGNATURE-
[Dovecot] multiple passdbs and auth sockets
I have a few systems which run dovecot 1.x as the authentication backend for Postfix, with multiple auth { } sections like this one, each one with a different passdb and its own socket: auth ldap-10 { passdb ldap { args = /etc/dovecot/dovecot-ldap-10.conf } socket listen { client { path = /var/spool/postfix/private/auth-10 mode = 0666 } } } I need multiple sockets tied to multiple dbs because there are duplicated accounts, but after switching to dovecot 2.1.7 apparently *all* passdbs are checked and dovecot reports this message: Warning: Obsolete setting in /etc/dovecot/conf.d/auth-local.conf.ext:91: add auth_ prefix to all settings inside auth {} and remove the auth {} section completely doveconf shows that all my custom sockets are now part of a single service auth { } section, while all the passdbs appear at the top level. How can I update my configuration for dovecot 2.x? -- ciao, Marco
Re: [Dovecot] Per-user seen flags for public read-only mailboxes
On 2013-03-25 09:11, Guido Berhoerster wrote: How can I get per-user SEEN flags to work? Hi, You have to create an empty file named '**dovecot-shared' in your '/srv/mail/public/' directory. Here the reference on dovecot wiki: http://wiki2.dovecot.org/SharedMailboxes/Public?highlight=%28dovecot-shared%29#Maildir:_Per-user_.2BAFw-Seen_flag I've waste a lot of time first time I've configure the same thing on our server Cheers, Marco -- --- |Marco Giunta - SISSA Computer Staff| |Via Bonomea, 265 | |34136 - Trieste, Italy | |Tel: +39-40-3787-503 | |Fax: +39-040-3787-244 | |e-mail: marco.giunta AT sissa.it | ---
Re: [Dovecot] Per-user seen flags for public read-only mailboxes
On 2013-03-25 11:07, Guido Berhoerster wrote: Anything else I have to do to allow seen flags to be set? I've the same configuration and it works like expected : mail_uid = vmail mail_gid = mail namespace public { separator = / prefix = Public/ location = maildir:/path/to/public:INDEX=/path/to/indexes/%u/public subscriptions = no list = children } Which are the permissions of file '/srv/mail/public/dovecot-shared' ??? Did you try with a new user ?? Marco -- --- |Marco Giunta - SISSA Computer Staff| |Via Bonomea, 265 | |34136 - Trieste, Italy | |Tel: +39-40-3787-503 | |Fax: +39-040-3787-244 | |e-mail: marco.giunta AT sissa.it | ---
Re: [Dovecot] Dovecot LDA LDAP lookups on samba4 server ends very often in timeouts (Christian Wiese)
Dear Christian thank you very much - you got it at the very first shot: modified /etc/ openldap/ldap.conf adding REFERRALS off en everything works without issues now many thanks Marco Carcano
[Dovecot] Dovecot LDA LDAP lookups on samba4 server ends very often in timeouts
I hope that someone will be so kind to help me into solving this really strange thing (don't know if it is a bug or not) I have a samba4 server and want to use postfix+dovecot - dovecot version is 2.0.11 as for the postfix side everything is OK (all the LDAP lookups works without any error, tested also manually with postmap -q) the real pain is with dovecot deliver: it seems that sometimes lda tries to lookup to the LDPA (samba 4) server, got a reply, an then report(after 2 minutes) a lookup timeout error the really strange thing is that (very seldom) lda works, but most of the times I got the timeout error. The strange thing is that if I use ldapsearch I never got timeout neither late replies, and even postfix performs its lookups without any issue it seems something related to lda itself (I do not know if I have a wrong configuration, but I think this is not a configuration issue, otherwise it should not work at all) here are the information logged when it does not work - after this log you will find the one when I got the failure (if needed I can provide a .pcap file too) (trailing and leading spaces of AT charcater has been added by me) ## FAULTY DELIVER LOG # Feb 20 12:20:50 sng02 postfix/smtpd[8928]: connect from localhost[127.0.0.1] Feb 20 12:21:14 sng02 postfix/smtpd[8928]: A38D4407F5: client=localhost[127.0.0.1] Feb 20 12:21:20 sng02 postfix/cleanup[8891]: A38D4407F5: warning: header Subject: prova from localhost[127.0.0.1]; from=marco @ senderdomain.tld to=mac @ mydomain.com proto=SMTP helo=senderdomain.tld Feb 20 12:21:20 sng02 postfix/cleanup[8891]: A38D4407F5: message-id=20130220112114.A38D4407F5 @ srv01.mydomain.local Feb 20 12:21:20 sng02 postfix/qmgr[8889]: A38D4407F5: from=marco @ senderdomain.tld, size=371, nrcpt=1 (queue active) Feb 20 12:21:20 sng02 dovecot: lda: Debug: Loading modules from directory: /usr/lib64/dovecot Feb 20 12:21:20 sng02 dovecot: lda: Debug: Module loaded: /usr/lib64/dovecot/lib10_quota_plugin.so Feb 20 12:21:20 sng02 dovecot: lda: Debug: Module loaded: /usr/lib64/dovecot/lib20_expire_plugin.so Feb 20 12:21:20 sng02 dovecot: lda: Debug: Module loaded: /usr/lib64/dovecot/lib90_sieve_plugin.so Feb 20 12:21:20 sng02 dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Feb 20 12:21:20 sng02 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so Feb 20 12:21:20 sng02 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_mysql.so Feb 20 12:21:20 sng02 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_pgsql.so Feb 20 12:21:20 sng02 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so Feb 20 12:21:20 sng02 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_bind Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_simple_bind Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_sasl_bind Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_send_initial_request Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_new_connection 1 1 0 Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_int_open_connection Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_connect_to_host: TCP localhost:389 Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_new_socket: 16 Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_prepare_socket: 16 Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_connect_to_host: Trying ::1 389 Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_pvt_connect: fd: 16 tm: -1 async: 0 Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_open_defconn: successful Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_send_server_request Feb 20 12:21:20 sng02 dovecot: auth: Debug: master in: USER#0111#011marco.carcano#011service=lda Feb 20 12:21:20 sng02 dovecot: auth: Debug: password(marco.carcano): passdb doesn't support credential lookups Feb 20 12:21:20 sng02 dovecot: auth: Error: static(marco.carcano): passdb doesn't support lookups, can't verify user's existence Feb 20 12:21:20 sng02 dovecot: auth: Debug: ldap(marco.carcano): user search: base=DC=mydomain,DC=local scope=subtree filter=(sAMAccountname=marco.carcano) fields=Mailbox,dovecotMailQuota Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_result ld 0x6cba60 msgid -1 Feb 20 12:21:20 sng02 dovecot: auth: Error: wait4msg ld 0x6cba60 msgid -1 (timeout 0 usec) Feb 20 12:21:20 sng02 dovecot: auth: Error: wait4msg continue ld 0x6cba60 msgid -1 all 0 Feb 20 12:21:20 sng02 dovecot: auth: Error: ** ld 0x6cba60 Connections: Feb 20 12:21:20 sng02 dovecot: auth: Error: * host: localhost port: 389 (default) Feb 20 12:21:20 sng02 dovecot: auth: Error: refcnt: 2 status: Connected Feb 20 12:21:20 sng02 dovecot: auth: Error: last used: Wed Feb 20 12:21:20 2013 Feb 20 12:21:20 sng02 dovecot: auth: Error: Feb 20 12:21:20 sng02 dovecot
Re: [Dovecot] Dovecot LDA LDAP lookups on samba4 server ends very often in timeouts
just to complete the informations of this thread, here is the log of a mail delivered succesfully (trailing and leading spaces of AT charcater has been added by me) ## MAIL SUCCEFFULLY DELIVERED LOG # Feb 19 17:41:01 sng02 postfix/smtpd[4006]: connect from localhost[127.0.0.1] Feb 19 17:41:28 sng02 postfix/smtpd[4006]: 95659407F5: client=localhost[127.0.0.1] Feb 19 17:41:36 sng02 postfix/cleanup[4011]: 95659407F5: warning: header Subject: prova from localhost[127.0.0.1]; from=marco @ senderdomain.tld to=mac @ mydomain.com proto=SMTP helo=senderdomain.tld Feb 19 17:41:36 sng02 postfix/cleanup[4011]: 95659407F5: message-id=20130219164128.95659407F5 @ srv01.mydomain.local Feb 19 17:41:36 sng02 postfix/qmgr[3992]: 95659407F5: from=marco @ senderdomain.tld, size=371, nrcpt=1 (queue active) Feb 19 17:41:36 sng02 dovecot: lda: Debug: Loading modules from directory: /usr/lib64/dovecot Feb 19 17:41:36 sng02 dovecot: lda: Debug: Module loaded: /usr/lib64/dovecot/lib10_quota_plugin.so Feb 19 17:41:36 sng02 dovecot: lda: Debug: Module loaded: /usr/lib64/dovecot/lib20_expire_plugin.so Feb 19 17:41:36 sng02 dovecot: lda: Debug: Module loaded: /usr/lib64/dovecot/lib90_sieve_plugin.so Feb 19 17:41:36 sng02 dovecot: auth: Debug: master in: USER#0111#011marco.carcano#011service=lda Feb 19 17:41:36 sng02 dovecot: auth: Debug: password(marco.carcano): passdb doesn't support credential lookups Feb 19 17:41:36 sng02 dovecot: auth: Error: static(marco.carcano): passdb doesn't support lookups, can't verify user's existence Feb 19 17:41:36 sng02 dovecot: auth: Debug: ldap(marco.carcano): user search: base=DC=mydomain,DC=local scope=subtree filter=(sAMAccountname=marco.carcano) fields=Mailbox,dovecotMailQuota Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap(marco.carcano): Connection appears to be hanging, reconnecting Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_unbind Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_free_request (origid 2, msgid 3) Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_free_request (origid 2, msgid 2) Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_free_connection 1 1 Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_send_unbind Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_free_connection: actually freed Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_free_connection 1 1 Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_send_unbind Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_free_connection: actually freed Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_create Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_bind Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_simple_bind Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_sasl_bind Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_send_initial_request Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_new_connection 1 1 0 Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_int_open_connection Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_connect_to_host: TCP localhost:389 Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_new_socket: 16 Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_prepare_socket: 16 Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_connect_to_host: Trying ::1 389 Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_pvt_connect: fd: 16 tm: -1 async: 0 Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_open_defconn: successful Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_send_server_request Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_result ld 0x666a60 msgid -1 Feb 19 17:41:36 sng02 dovecot: auth: Error: wait4msg ld 0x666a60 msgid -1 (timeout 0 usec) Feb 19 17:41:36 sng02 dovecot: auth: Error: wait4msg continue ld 0x666a60 msgid -1 all 0 Feb 19 17:41:36 sng02 dovecot: auth: Error: ** ld 0x666a60 Connections: Feb 19 17:41:36 sng02 dovecot: auth: Error: * host: localhost port: 389 (default) Feb 19 17:41:36 sng02 dovecot: auth: Error: refcnt: 2 status: Connected Feb 19 17:41:36 sng02 dovecot: auth: Error: last used: Tue Feb 19 17:41:36 2013 Feb 19 17:41:36 sng02 dovecot: auth: Error: Feb 19 17:41:36 sng02 dovecot: auth: Error: Feb 19 17:41:36 sng02 dovecot: auth: Error: ** ld 0x666a60 Outstanding Requests: Feb 19 17:41:36 sng02 dovecot: auth: Error: * msgid 1, origid 1, status InProgress Feb 19 17:41:36 sng02 dovecot: auth: Error:outstanding referrals 0, parent count 0 Feb 19 17:41:36 sng02 dovecot: auth: Error: ld 0x666a60 request count 1 (abandoned 0) Feb 19 17:41:36 sng02 dovecot: auth: Error: ** ld 0x666a60 Response Queue: Feb 19 17:41:36 sng02 dovecot: auth: Error:Empty Feb 19 17:41:36 sng02 dovecot: auth: Error: ld 0x666a60 response count 0 Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_chkResponseList ld 0x666a60 msgid -1 all 0 Feb 19 17:41:36 sng02 dovecot: auth: Error: ldap_chkResponseList returns ld 0x666a60 NULL Feb 19 17:41:36 sng02 dovecot: auth: Error
Re: [Dovecot] statistics on proxy ???
On 2013-02-18 15:15, Timo Sirainen wrote: Nope, sorry. Dovecot proxy is very dummy and can't provide any but the most basic statistics, like number of connections, which you can get another way. are you talking about 'doveadm proxy list' or I'm missing something ??? Marco -- --- |Marco Giunta - SISSA Computer Staff| |Via Bonomea, 265 | |34136 - Trieste, Italy | |Tel: +39-40-3787-503 | |Fax: +39-040-3787-244 | |e-mail: marco.giunta AT sissa.it | ---
[Dovecot] statistics on proxy ???
Hi at all, could I have imap statistics on my dovecot proxy server ?? Here my config: # 2.1.13: /etc/dovecot/dovecot.conf ... mail_plugins = stats ... plugin { ... stats_refresh = 30 secs stats_track_cmds = yes } ... service stats { fifo_listener stats-mail { mode = 0666 } } ... protocol imap { ... mail_plugins = stats imap_stats } File '/var/run/dovecot/stats' is always 0 byte: # ls -la /var/run/dovecot/stats srw---. 1 root root 0 Feb 18 14:24 /var/run/dovecot/stats and 'dovecotadm' say always: # doveadm stats dump session doveadm(root): Info: no statistics available Is there something wrong in my config, or stats are not available on proxy ??? Cheers, Marco
Re: [Dovecot] dovecot 2.1.13, proxy and nologin extras field
On 2013-01-24 09:07, Thomas Leuxner wrote: It needs to be either 'nologin=y' notice the y passed or 'allow_nets='. The problem is that even if I configure 'pass_attrs' to return always 'nologin=y' : pass_attrs = uid=user,userPassword=password,\ =userdb_home=/var/spool/mail/%1u/%u,uidNumber=userdb_uid,gidNumber=userdb_gid,\ =proxy=y,=host=imap.sissa.it,\ =nologin=y,=reason=Reason users are allowed to login: Jan 23 09:16:33 localhost dovecot: auth: Debug: client passdb out: OK#0111#011user=prova#011proxy#011host=imap.example.it#011nologin#011hostip=192.168.11.136#011pass=password It is something wrong in my 'pass_attrs' ??? Marco
Re: [Dovecot] dovecot 2.1.13, proxy and nologin extras field
On 2013-01-24 11:59, Timo Sirainen wrote: On Wed, 2013-01-23 at 13:44 +0100, Marco Giunta wrote: Hi at all, in our test environment, I'm playing with dovecot 2.1.13 configured as imap/pop/managesieve proxy. It is configured to authenticate users with ldap and it works very well. Now, I'd like to temporary disable some users's login, because we are moving to another storage, and I wouldn't stop imap service at all. I've found on Dovecot wiki that I could use 'nologin' extra field, but I wasn't been able to get it work. My dovecot configuration is: nologin field doesn't work with proxying. You'd have to return neither proxy nor host field. With host+nologin it would be treated as a login referral: http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Host Of course it would be possible to add yet another check where proxy+host +nologin returned would be treated in yet another way, but that gets too confusing.. I guess it was a mistake to use nologin for login referrals in the first place. And I guess just about no one uses them anyway. So them, so it would be possible to change this behavior.. Ok, thank you for the explanation. In this case, I'll use a 'deny' passdb or a different ldap filter ... Cheers, Marco -- --- |Marco Giunta - SISSA Computer Staff| |Via Bonomea, 265 | |34136 - Trieste, Italy | |Tel: +39-40-3787-503 | |Fax: +39-040-3787-244 | |e-mail: marco.giunta AT sissa.it | ---
[Dovecot] dovecot 2.1.13, proxy and nologin extras field
: /usr/lib64/dovecot/auth Jan 22 18:28:32 localhost dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so Jan 22 18:28:32 localhost dovecot: auth: Debug: auth client connected (pid=3178) Jan 22 18:28:32 localhost dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011lip=192.168.129.109#011rip=192.168.44.31# 011lport=143#011rport=53218 Jan 22 18:28:32 localhost dovecot: auth: Debug: client out: CONT#0111#011 Jan 22 18:28:32 localhost dovecot: auth: Debug: client in: CONT#0111#011AHByb3ZhZm0AY2hlcGFsbGU= Jan 22 18:28:32 localhost dovecot: auth: Debug: ldap(prova,192.168.44.31): pass search: base=ou=People,dc=example,dc=it scope=subtree filt er=((objectClass=qmailUser)(uid=prova)(accountStatus=active)) fields=uid,userPassword,uidNumber,gidNumber Jan 22 18:28:32 localhost dovecot: auth: Debug: auth(prova,192.168.44.31): allow_nets: Matching for network 127.0.0.0/8 Jan 22 18:28:32 localhost dovecot: auth: passdb(prova,192.168.44.31): allow_nets check failed: IP not in allowed networks Jan 22 18:28:32 localhost dovecot: auth: Debug: ldap(prova,192.168.44.31): result: uid=prova uidNumber=2944 gidNumber=650 userPassword={MD5}BjbsTtSovGGs1csswBTI7Q== Jan 22 18:28:34 localhost dovecot: auth: Debug: client out: FAIL#0111#011user=prova I don't understand what is wrong with my configuration with 'nologin'. Do someone have any clue ?? Cheers, Marco
[Dovecot] problems with quota and clients
Hi, I had configured dovecot in a pretty standard way and had it working nicely enough with maildir quotas (no tests done apart for reaching the quota and looking at mails coming back). Still I wanted to have the quota and the actual quota usage displayed in postfixadmin (3.5) but I think I messed with something. Now I can connect to the mailbox, send mail, receive mail, see the quota usage in postfixadmin but: * thunderbird: can create a subfolder if i do so by hand from the client. But if I try sending a mail i get a [TRYCREATE] mailbox error as it seems that thunderbird can't create the Sent box anymore by its own; * thunderbird: when i delete mail, it goes in the trash folder. I try then to delete it from there. In thunderbird indeed I see no mail anymore but the quota level remain the same. Then I try to browser the mail directory and... yep, all the messages are still there! How come? This is the output of dovecot -n and the relevant sql configuration : # 2.0.19: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-33-generic i686 Ubuntu 12.04.1 LTS ext4 auth_mechanisms = plain login auth_realms = y.it aaa.com x.it auth_verbose_passwords = plain debug_log_path = syslog dict { quotadict = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext sqlquota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext } first_valid_uid = 150 info_log_path = /var/log/syslog last_valid_uid = 150 listen = * mail_debug = yes mail_gid = mail mail_location = maildir:/var/vmail/%d/%u mail_plugins = quota mail_uid = vmail passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid size quota = dict:User quota::proxy::sqlquota quota_rule = *:storage=50M quota_rule2 = Trash:storage=+10M } postmaster_address = x...@y.it protocols = imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-userdb { group = mail mode = 0600 user = vmail } } service dict { unix_listener dict { group = mail mode = 0660 user = vmail } } ssl_cert = /etc/ssl/certs/dovecot.pem ssl_key = /etc/ssl/private/dovecot.pem userdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } protocol lda { mail_plugins = quota } protocol imap { mail_plugins = quota imap_quota } protocol pop3 { mail_plugins = quota } grep -v '^ *\(#.*\)\?$' dovecot-dict-sql.conf.ext connect = host=127.0.0.1 dbname=mail user=mail password=xxx map { pattern = priv/quota/storage table = quota2 username_field = username value_field = bytes } map { pattern = priv/quota/messages table = quota2 username_field = username value_field = messages } grep -v '^ *\(#.*\)\?$' dovecot-sql.conf.ext driver = mysql connect = host=localhost dbname=mail user=mail password=xxx default_pass_scheme = MD5-CRYPT password_query = \ SELECT username as user, password, '/var/vmail/%d/%u' as userdb_home, \ 'maildir:/var/vmail/%d/%u' as userdb_mail, 150 as userdb_uid, 8 as userdb_gid \ FROM mailbox WHERE username = '%u' AND active = '1' user_query = \ SELECT '/var/vmail/%d/%u' as home, 'maildir:/var/vmail/%d/%u' as mail, \ 150 AS uid, 8 AS gid, CONCAT('*:storage=',ROUND(mailbox.quota / 1024)) AS quota_rule \ FROM mailbox WHERE username = '%u' AND active = '1' iterate_query = SELECT username AS user FROM mailbox -- -- Questo messaggio è di carattere riservato ed è indirizzato esclusivamente al destinatario specificato. L'accesso, la divulgazione, la copia o la diffusione sono vietate a chiunque altro ai sensi delle normative vigenti, e possono costituire una violazione penale. Nel caso abbiate ricevuto questo messaggio per errore siete tenuti a cancellarlo immediatamente confermando al mittente, a mezzo e-mail, l'avvenuta cancellazione. (Legge Italiana 196/2003).
Re: [Dovecot] multiple users to same e-mail account with ldap authentication
2012/11/13 Robert Schetterer r...@sys4.de: Am 13.11.2012 14:56, schrieb Marco Gatti: 2012/11/13 Robert Schetterer r...@sys4.de: Am 13.11.2012 11:35, schrieb Marco Gatti: Hi, I was looking for a particular case of dovecot configuration I cannot find anywhere. Is there a way dovecot can authenticate via ldap different windows 2008 AD users that have access to the same e-mail account (like user authorization in ms exchange)? For example I want to extend AD schema to let users have 10 email accounts (with multiple domain support). If they are private accounts I think there is no problem at all. But if I want two or more users to access the same mail account what happens? Can I do it with dovecot? Or should I create AD groups and add members to that, to let user access the same mail account? Cheers there may more ways to goal this, for short looking one, way is described here http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm using ldap might be better look i.e http://blog.al-shami.net/2008/05/freebsd-postfix-dovecot-and-active-directory/ http://www.howtoforge.com/postfix-dovecot-authentication-against-active-directory-on-centos-5.x for ideas Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Joerg Heidrich Thank you Robert for the quick reply. I'm aware of the links you sent me, however they don't give me a clue if what I was asking may me done. I'll try to give more details. I have to build a multiple domain mail server with the use of windows AD authentication. I've managed to add some extra filed in the AD schema like this: mail1: accou...@example1.com box1: /example1.com/account1/ enabled1: TRUE quota1: 100 mail2: accou...@example2.com box2: /example2.com/account2/ enabled2: TRUE quota2: 100 There could be 10 or 50 of them for each AD user. If I use NTLM or PAM authentication (after joining the AD) I have to use AD usernames to login with dovecot and I don't know how then to deal with different email addresses configured per user. If I use LDAP lookup I have to use the email address as username but then if different AD users have to access the same email account how dovecot can manage it??? For example the LDAP configuration for user and password lookup may be something like this: user_attrs = sAMAccountName=mail=maildir:/var/mail/%d/%n,=uid=102,=gid=10050 user_filter = ((objectClass=person)(|((mail1=%u)(enabled1=TRUE)) ((mail2=%u)(enabled2=TRUE pass_attrs = userPassword=password pass_filter = ((objectClass=person)(|((mail1=%u)(enabled1=TRUE)) ((mail2=%u)(enabled2=TRUE I think I may be missing something important in how dovecot works, but cannot find any documentation about it. Regards hm thats complex, however i would not recommand trying change exchange/active dir schemas however the only reason i can think of for what you want is using dovecot as proxy? so what about this ? http://wiki2.dovecot.org/HowTo/ImapcProxy http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy http://wiki2.dovecot.org/Director Hmm I don't know honestly. I'll give it a try. -- Marco
Re: [Dovecot] multiple users to same e-mail account with ldap authentication
2012/11/13 Ben Morrow b...@morrow.me.uk: At 2PM +0100 on 13/11/12 you (Marco Gatti) wrote: 2012/11/13 Robert Schetterer r...@sys4.de: Am 13.11.2012 11:35, schrieb Marco Gatti: Hi, I was looking for a particular case of dovecot configuration I cannot find anywhere. Is there a way dovecot can authenticate via ldap different windows 2008 AD users that have access to the same e-mail account (like user authorization in ms exchange)? For example I want to extend AD schema to let users have 10 email accounts (with multiple domain support). If they are private accounts I think there is no problem at all. But if I want two or more users to access the same mail account what happens? Can I do it with dovecot? Or should I create AD groups and add members to that, to let user access the same mail account? snip I'll try to give more details. I have to build a multiple domain mail server with the use of windows AD authentication. I've managed to add some extra filed in the AD schema like this: mail1: accou...@example1.com box1: /example1.com/account1/ enabled1: TRUE quota1: 100 mail2: accou...@example2.com box2: /example2.com/account2/ enabled2: TRUE quota2: 100 This isn't a good schema to use for this. The mail1, mail2 c attributes represent the same property of different addresses, so they should be the same attribute on different objects. I don't know much about AD's LDAP server, is it straightforward to create brand new objectclasses? If I were doing this in an ordinary LDAP server I might create a class of objects which looked like mailboxAddr: accou...@example1.com mailboxLocation: /example1/account1 mailboxEnabled: TRUE mailboxQuota: 100 with mailboxAddr as the RDN, and then give each user a multi-valued mailbox attribute with the addresses that user has access to. You mean multi-valued mailboxAddr, mailboxLocation, and so on? How can I extract a single one and be sure it's correct? There could be 10 or 50 of them for each AD user. If I use NTLM or PAM authentication (after joining the AD) I have to use AD usernames to login with dovecot and I don't know how then to deal with different email addresses configured per user. If I use LDAP lookup I have to use the email address as username but then if different AD users have to access the same email account how dovecot can manage it??? If you want the user to be able to log in and see just one address at a time you have to have the user tell dovecot which user and which address they want when they log in. Since (usually) the only fields you have are 'user' and 'password', they will need to stuff both components into the user field somehow; perhaps by logging on with a user name of u...@domain.ad!accou...@example.com You would then need (probably) to write a checkpassword userdb script to split this into username and account name, verify the user is authorized for the account, look up the mailbox location using the account name, and pass the username back to be checked against the password. So, it could be done, but it would be messy and users would get it wrong all the time. Since users don't configure mail clients on their own it could be a solution! Alternatively, you could have the user log in with their ordinary AD account name, and then present them with *all* the email accounts they have access to, as separate (trees of) folders. You can do this with a post-login script which sets up a namespace for each account: see the example at the bottom of http://wiki2.dovecot.org/PostLoginScripting for something vaguely similar. You would need to use Net::LDAP (or some equivalent in some other language) to look up the user's accounts in the AD, and then create the relevant environment variables. (I'm not sure what to do about INBOX in a setup like this: I don't think you're allowed to *not* have an INBOX. Probably each user should have one 'canonical' private account, which contains their IMAP INBOX. If you didn't want to do this I expect you could set up a default namespace which is read-only, with just an empty INBOX in it.) If you want to try this, and you're having trouble getting the scripting right, I'd be happy to help you through it if you can post enough information about the LDAP schema you eventually decide on. Ben All accounts in a tree sounds bad since users won't clearly understand which is which. Thank you Ben! -- Marco
Re: [Dovecot] multiple users to same e-mail account with ldap authentication
2012/11/13 Willie Gillespie wgillespie+dove...@es2eng.com: On 11/13/2012 03:35 AM, Marco Gatti wrote: Is there a way dovecot can authenticate via ldap different windows 2008 AD users that have access to the same e-mail account (like user authorization in ms exchange)? Symlinks on the Dovecot maildirs? You'd have to read up on the caveats of that: http://wiki.dovecot.org/SharedMailboxes/Symlinks I would like to keep the configuration of new accounts on the Windows AD only and not to deal with links every time. But the problem I have is at authentication time: avoiding the matched multiple objects or a general authentication failure. Cheers -- Marco
[Dovecot] multiple users to same e-mail account with ldap authentication
Hi, I was looking for a particular case of dovecot configuration I cannot find anywhere. Is there a way dovecot can authenticate via ldap different windows 2008 AD users that have access to the same e-mail account (like user authorization in ms exchange)? For example I want to extend AD schema to let users have 10 email accounts (with multiple domain support). If they are private accounts I think there is no problem at all. But if I want two or more users to access the same mail account what happens? Can I do it with dovecot? Or should I create AD groups and add members to that, to let user access the same mail account? Cheers -- Marco
Re: [Dovecot] multiple users to same e-mail account with ldap authentication
2012/11/13 Robert Schetterer r...@sys4.de: Am 13.11.2012 11:35, schrieb Marco Gatti: Hi, I was looking for a particular case of dovecot configuration I cannot find anywhere. Is there a way dovecot can authenticate via ldap different windows 2008 AD users that have access to the same e-mail account (like user authorization in ms exchange)? For example I want to extend AD schema to let users have 10 email accounts (with multiple domain support). If they are private accounts I think there is no problem at all. But if I want two or more users to access the same mail account what happens? Can I do it with dovecot? Or should I create AD groups and add members to that, to let user access the same mail account? Cheers there may more ways to goal this, for short looking one, way is described here http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm using ldap might be better look i.e http://blog.al-shami.net/2008/05/freebsd-postfix-dovecot-and-active-directory/ http://www.howtoforge.com/postfix-dovecot-authentication-against-active-directory-on-centos-5.x for ideas Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Joerg Heidrich Thank you Robert for the quick reply. I'm aware of the links you sent me, however they don't give me a clue if what I was asking may me done. I'll try to give more details. I have to build a multiple domain mail server with the use of windows AD authentication. I've managed to add some extra filed in the AD schema like this: mail1: accou...@example1.com box1: /example1.com/account1/ enabled1: TRUE quota1: 100 mail2: accou...@example2.com box2: /example2.com/account2/ enabled2: TRUE quota2: 100 There could be 10 or 50 of them for each AD user. If I use NTLM or PAM authentication (after joining the AD) I have to use AD usernames to login with dovecot and I don't know how then to deal with different email addresses configured per user. If I use LDAP lookup I have to use the email address as username but then if different AD users have to access the same email account how dovecot can manage it??? For example the LDAP configuration for user and password lookup may be something like this: user_attrs = sAMAccountName=mail=maildir:/var/mail/%d/%n,=uid=102,=gid=10050 user_filter = ((objectClass=person)(|((mail1=%u)(enabled1=TRUE)) ((mail2=%u)(enabled2=TRUE pass_attrs = userPassword=password pass_filter = ((objectClass=person)(|((mail1=%u)(enabled1=TRUE)) ((mail2=%u)(enabled2=TRUE I think I may be missing something important in how dovecot works, but cannot find any documentation about it. Regards -- Marco
[Dovecot] No ports listening
Please forgive my newbie post but this has me stumped. I've been a happy Dovecot 0.X and 1.X admin for years but something in my first 2.X configuration is oddly broken. It loads fine, logs no errors, but doesn't listen to any network ports! Thanks in advance for any help. Marco # 2.0.19: /etc/dovecot/dovecot.conf # OS: Linux 2.6.35.14 x86_64 Ubuntu 10.10 ext4 auth_debug = yes auth_mechanisms = plain login first_valid_gid = 111 first_valid_uid = 111 login_greeting = example.com pop/imap ready mail_location = mbox:/var/mail/%u.imap:INBOX=/var/mail/%u passdb { args = scheme=CRYPT username_format=%u /etc/dovecot/users driver = passwd-file } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-master { mode = 0666 } } service imap-login { inet_listener imap { address = * port = 143 } inet_listener imaps { address = * port = 993 } process_limit = 50 } service pop3-login { inet_listener pop3 { address = * port = 110 } inet_listener pop3s { address = * port = 995 } process_limit = 50 } ssl_cert = /etc/ssl/mail.example.com.crt ssl_key = /etc/ssl/mail.example.com.key syslog_facility = local0 userdb { args = username_format=%u /etc/dovecot/users driver = passwd-file } valid_chroot_dirs = /var/mail verbose_proctitle = yes verbose_ssl = yes protocol lda { postmaster_address = postmas...@example.com }
Re: [Dovecot] Mail lost - maybe a bug???
Hello Timo of course we have entries: grep 'pop3.*mmanzoni.*del=0.*' deliver.log* |grep Dec 12 deliver.log.2:Dec 12 13:13:19 srv001 dovecot: pop3(mmanzoni): Disconnected: Logged out top=0/0, retr=23/2025701, del=0/3920, size=700800292 deliver.log.2:Dec 12 13:46:02 srv001 dovecot: pop3(mmanzoni): Disconnected: Logged out top=0/0, retr=1/475746, del=0/3921, size=701276018 deliver.log.2:Dec 12 14:58:08 srv001 dovecot: pop3(mmanzoni): Disconnected: Logged out top=0/0, retr=8/911587, del=0/3929, size=702187446 deliver.log.2:Dec 12 14:58:09 srv001 dovecot: pop3(mmanzoni): Disconnected: Logged out top=0/0, retr=0/0, del=0/3929, size=702187446 deliver.log.2:Dec 12 15:55:24 srv001 dovecot: pop3(mmanzoni): Disconnected: Logged out top=0/0, retr=1/936418, del=0/3930, size=703123844 deliver.log.2:Dec 12 16:40:59 srv001 dovecot: pop3(mmanzoni): Disconnected: Logged out top=0/0, retr=1/421415, del=0/3931, size=703545240 deliver.log.2:Dec 12 16:43:23 srv001 dovecot: pop3(mmanzoni): Disconnected: Logged out top=0/0, retr=0/0, del=0/3931, size=703545240 deliver.log.2:Dec 12 17:37:21 srv001 dovecot: pop3(mmanzoni): Disconnected: Logged out top=0/0, retr=0/0, del=0/3931, size=703545240 deliver.log.2:Dec 12 17:44:38 srv001 dovecot: pop3(mmanzoni): Disconnected: Logged out top=0/0, retr=0/0, del=0/3931, size=703545240 deliver.log.2:Dec 12 18:14:29 srv001 dovecot: pop3(mmanzoni): Disconnected: Logged out top=0/0, retr=0/0, del=0/3931, size=703545240 deliver.log.2:Dec 12 18:17:50 srv001 dovecot: pop3(mmanzoni): Disconnected: Logged out top=0/0, retr=0/0, del=0/3931, size=703545240 Also what kind of tools are ever accessing mails? Is it just Dovecot LDA + IMAP + POP3? No doveadm or any external tools? yes, only LDA + IMAP + POP3, no external tools I hope you have some ideas Kind regards Marco carcano
Re: [Dovecot] Mail lost - maybe a bug???
not received the message - I tried also grepping for the object in the maildir, but haven't been able to get it what do you think about this? I really do not know where this issue can be - the only componet I suppose could have some kind of problem is in the LDA phase, but I'm just supposing do you want to give a look to my config files? If so, which one could be interesting to post? kind regards Marco Carcano Il giorno 17/nov/11, alle ore 18:34, Timo Sirainen ha scritto: On 17.11.2011, at 18.47, Marco Carcano wrote: Oct 27 11:20:34 srv001 dovecot: lda(user3): msgid=e9447410-51fe-45ff-b624-197840b9a...@usstlz-pinfez02.emrsn.org : saved mail to INBOX If Dovecot logs this, then the message definitely was saved to INBOX. it is exactly what I told to my colleagues, but belive me, sometime some mail get lost - Most likely reason for this is that the user's client deletes the message. Possibly an automatic client side filter or some UI issue that causes user to accidentally delete a mail. The mail_log plugin's logging would have showed if this was the case. I suspect however that could be mine misconfiguration somewhere, so that lda sometimes write the email not in the right place, but elsewhere, and just write the phrase saved mail to INBOX in the logs (however I'm wondering why sometimes?!?) I can't think of any reason why it would randomly write to a wrong place. I tried to find the missed email in the Maildir, but have not been able to get it - the commands used are cd /home/mailboxstore/theuser/Maildir grep 629222 */* |grep RE: grep 629222 .Drafts/* |grep RE: grep 629222 .Drafts/*/* |grep RE: grep 629222 .Junk/* |grep RE: grep 629222 .Posta\ eliminata/* |grep RE: grep 629222 .Posta\ indesiderata/* |grep RE: grep 629222 .Posta\ inviata/* |grep RE: grep 629222 .Sent/* |grep RE: grep 629222 .Templates/* |grep RE: grep 629222 .Trash/* |grep RE: Only the grep 629222 .Drafts/*/* |grep RE: was grepping from mail files. Easier would be just: grep -r RE:.*629222 . I really think is some kind of misconfiguration of mine, may you help me, please? Just tell me what pieces of config to show (just not to flood the whole config) I doubt this is related to configuration. But you could enable http://wiki2.dovecot.org/Plugins/Lazyexpunge so that messages won't be lost if they are expunged. The next time a message is lost, you would most likely find it from the lazy-expunge namespace. (Then you could write a script that deletes e.g. 1 week old files nightly.)
Re: [Dovecot] Mail lost - maybe a bug???
Hello Timo and thanks again for the ultra quick reply! Enabling mail_log plugin and/or lazy_expunge plugin would have helped more (both mentioned in my previous mail). Sorry - I thought I have enabled it, but maybe I did something wrong with the configuration and it was not enabled: here is what I did in order to enable mail_log: syslog_facility = local5 mail_debug = yes plugin { # Events to log. Also available: flag_change append mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename # Group events within a transaction to one line. #mail_log_group_events = no # Available fields: uid, box, msgid, from, subject, size, vsize, flags # size and vsize are available only for expunge and copy events. #mail_log_fields = uid box msgid size } There's really nothing in the LDA log that could explain why the message gets lost. It most likely was successfully delivered by LDA, but got deleted afterwards for some reason. You mean that this user's mails are never supposed to be deleted via POP3? Verify that with: yes, you got it - it is never supposed only because we are debugging ;O) grep 'pop3.*mmanzoni.*del=[^0]' /var/log/dovecot.log or wherever those POP3 disconnection messages are logged, i.e. you should find lots of messages with: grep 'pop3.*mmanzoni.*del=0' /var/log/dovecot.log OK, tried the following - I have varoius log files grep 'pop3.*mmanzoni.*del=[^0]' deliver.log* and got nothing grep 'pop3.*criva.*del=[^0]' deliver.log* and got deliver.log.1:Dec 15 12:26:16 srv001 dovecot: pop3(criva): Disconnected: Logged out top=0/0, retr=1/8147, del=1613/1613, size=619997598 deliver.log.1:Dec 15 12:27:39 srv001 dovecot: pop3(criva): Disconnected: Logged out top=0/0, retr=200/50212479, del=200/200, size=50208702 deliver.log.1:Dec 15 12:29:08 srv001 dovecot: pop3(criva): Disconnected: Logged out top=0/0, retr=600/203527129, del=600/600, size=203515938 deliver.log.1:Dec 15 12:30:49 srv001 dovecot: pop3(criva): Disconnected: Logged out top=0/0, retr=1000/310592896, del=1000/1000, size=310574037 deliver.log.1:Dec 15 12:31:10 srv001 dovecot: pop3(criva): Disconnected: Logged out top=0/0, retr=399/44426198, del=399/399, size=44418942 deliver.log.2:Dec 15 00:11:09 srv001 dovecot: pop3(criva): Disconnected: Logged out top=0/0, retr=10530/1684049964, del=10530/10530, size=1683854308 so yes, I'm pretty sure that mmanzoni never deletes messages belive to me - usually I try to solve problems myself without disturbing anyone else, but this time is really hard and I do not know if I could face it alone I hope you can help kind regards Marco Carcano
Re: [Dovecot] Mail lost - maybe a bug???
/0.05, dsn=2.0.0, status=sent (delivered via dovecot service) Nov 12 08:48:06 srv001 postfix/pipe[1445]: 244774E4AA2: to=user2@ourdomain.local , relay=dovecot, delay=0.08, delays=0.01/0.01/0/0.06, dsn=2.0.0, status=sent (delivered via dovecot service) Nov 12 08:48:06 srv001 dovecot: lda(theuser): msgid=899eab831ea7414f994704db43677a140450e...@npicmail.npic.com.sa : saved mail to INBOX Nov 12 08:48:06 srv001 postfix/pipe[1447]: 244774E4AA2: to=theuser@ourdomain.local , relay=dovecot, delay=0.09, delays=0.01/0.01/0/0.07, dsn=2.0.0, status=sent (delivered via dovecot service) Nov 12 08:48:06 srv001 dovecot: lda(user4): msgid=899eab831ea7414f994704db43677a140450e...@npicmail.npic.com.sa : saved mail to INBOX Nov 12 08:48:06 srv001 postfix/pipe[1450]: 244774E4AA2: to=user4@ourdomain.local , relay=dovecot, delay=0.26, delays=0.01/0.02/0/0.23, dsn=2.0.0, status=sent (delivered via dovecot service) Nov 12 08:48:06 srv001 postfix/qmgr[4876]: 244774E4AA2: removed Nov 12 08:48:08 srv001 postfix/smtpd[1430]: disconnect from mail.tasnee.com[62.3.52.58] as you can see again, the mail seems delivered, but is not I really think is some kind of misconfiguration of mine, may you help me, please? Just tell me what pieces of config to show (just not to flood the whole config) thank you Marco Carcano
Re: [Dovecot] Mail lost - maybe a bug???
Hello Timo and Urban, and thank you for the very quick reply I have already thought about these things: I have already disabled mailbox deletion from POP3 clients, that actually just leave the messages on the server however, this time noone of the 4 recipients got the email - so it is really strange that all che clients deleted the same message and left all the others we can notice this only a few days after the issue, because customers send us a reminder forwarding the lost mail Il giorno 17/nov/11, alle ore 18:34, Timo Sirainen ha scritto: On 17.11.2011, at 18.47, Marco Carcano wrote: Oct 27 11:20:34 srv001 dovecot: lda(user3): msgid=e9447410-51fe-45ff-b624-197840b9a...@usstlz-pinfez02.emrsn.org : saved mail to INBOX If Dovecot logs this, then the message definitely was saved to INBOX. it is exactly what I told to my colleagues, but belive me, sometime some mail get lost - Most likely reason for this is that the user's client deletes the message. Possibly an automatic client side filter or some UI issue that causes user to accidentally delete a mail. The mail_log plugin's logging would have showed if this was the case. I suspect however that could be mine misconfiguration somewhere, so that lda sometimes write the email not in the right place, but elsewhere, and just write the phrase saved mail to INBOX in the logs (however I'm wondering why sometimes?!?) I can't think of any reason why it would randomly write to a wrong place. maybe something related to LDAP lookups? what can happen if for some reason the LDAP server does not reply to the lookup? Timo, belive to me, I use dovecot since 3 years, and I am one of the thousands of happy user, I really can't explain what is happening on this server I'll do this trial: I'll enable lda debug logging ont a file on a USB hard disk - in order to know where exactly messages are stored, and enable also maillog too I'll keep you informed on what I'll find - maybe it will take some days, as I told it happens quite seldom thank you I tried to find the missed email in the Maildir, but have not been able to get it - the commands used are cd /home/mailboxstore/theuser/Maildir grep 629222 */* |grep RE: grep 629222 .Drafts/* |grep RE: grep 629222 .Drafts/*/* |grep RE: grep 629222 .Junk/* |grep RE: grep 629222 .Posta\ eliminata/* |grep RE: grep 629222 .Posta\ indesiderata/* |grep RE: grep 629222 .Posta\ inviata/* |grep RE: grep 629222 .Sent/* |grep RE: grep 629222 .Templates/* |grep RE: grep 629222 .Trash/* |grep RE: Only the grep 629222 .Drafts/*/* |grep RE: was grepping from mail files. Easier would be just: grep -r RE:.*629222 . I really think is some kind of misconfiguration of mine, may you help me, please? Just tell me what pieces of config to show (just not to flood the whole config) I doubt this is related to configuration. But you could enable http://wiki2.dovecot.org/Plugins/Lazyexpunge so that messages won't be lost if they are expunged. The next time a message is lost, you would most likely find it from the lazy-expunge namespace. (Then you could write a script that deletes e.g. 1 week old files nightly.)
[Dovecot] Mail lost - maybe a bug???
kind of bug in the maildrop version I use? by the way, I had this issue also before installing amavisd-new now some infos: CentOS 5.3 postfix-2.3.3-2.1.el5_2 amavisd-new-2.6.6-1.el5.rf dovecot-2.0.11-1_126 dovecot-managesieve-0.2.2-15 dovecot-pigeonhole-0.2.2-15 users are on a Kerberized OpenLDAP please help me because this is really driving me crazy - don't leave me alone, please Marco Carcano
Re: [Dovecot] dovecot user
Timo Sirainen ha scritto: On Fri, 2010-03-26 at 20:01 +1000, Noel Butler wrote: dovehole - you go inside dovecot via a hole, right? That is downright pornographic. dovehole - lovehole? dovenest isn't totally horrible (close), but dovehole is ... just not right at all. dovetail +1 Tail just doesn't make much sense to me. Also it's not completely free of pornographic associations either. :) So my last idea: doveless. It's less of a dovecot process. To me it seems closer to perfect as anything I've seen so far. I don't remember if 'dove-nil', 'dovenil' or 'dovenull' were suggested by anyone. If not please consider them. Kind regards, Marco -- - |Marco Nenciarini| Debian/GNU Linux Developer - Plug Member | | mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia | - Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4 signature.asc Description: OpenPGP digital signature
Re: [Dovecot] Debian Unstable Packages
Sabahattin Gucukoglu ha scritto: Hi all, Speaking of Debian, what relative position are the Debian Unstable (Sid) packages in to the latest Bleeding edge builds of RCS-based releases from the Wiki? If using Unstable is it recommended to stay or use the newer ones? I'd say it was production, yes, but I'm forgiving of problems in the latest releases, so long as they aren't meant to be beta (i.e., known breakages). In the next few days a preliminary 2.0 package will be uploaded to experimental. We (the Debian Dovecot Maintainers) plan to avoid uploading the 2.0 package to unstable until it is released stable and has at least one bug-fix release. Kind regards, Marco -- - |Marco Nenciarini| Debian/GNU Linux Developer - Plug Member | | mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia | - Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4 signature.asc Description: OpenPGP digital signature
Re: [Dovecot] Bug#570764: dovecot-common: sieve should allow Return-path header for address test
package dovecot-common forward 570764 dovecot@dovecot.org thanks Martin Schwenke ha scritto: Package: dovecot-common Version: 1:1.2.10-1 Severity: normal I attempt to compile the following sieve script... mart...@bilbo:~/tmp$ cat test.sieve if address :is Return-path owner-cip...@inka.de { keep; } [Yes, it is useless - a minimal example to illustrate the bug. :-) ] ... and I get the following error: mart...@bilbo:~/tmp$ sievec test.sieve test: line 1: error: specified header 'Return-path' is not allowed for the address test. test: error: validation failed. Error: failed to compile sieve script 'test.sieve' This test is included in an example in the Dovecot sieve documentation at: http://wiki.dovecot.org/LDA/Sieve#Mail_filtering_by_various_headers That seems to suggest that it should work! peace happiness, martin -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (990, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.26-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages dovecot-common depends on: ii adduser3.112 add and remove users and groups ii libbz2-1.0 1.0.5-4 high-quality block-sorting file co ii libc6 2.10.2-2 GNU C Library: Shared libraries ii libcomerr2 1.41.9-1 common error description library ii libdb4.8 4.8.26-1 Berkeley v4.8 Database Libraries [ ii libgssapi-krb5-2 1.8+dfsg~alpha1-5 MIT Kerberos runtime libraries - k ii libk5crypto3 1.8+dfsg~alpha1-5 MIT Kerberos runtime libraries - C ii libkrb5-3 1.8+dfsg~alpha1-5 MIT Kerberos runtime libraries ii libldap-2.4-2 2.4.17-2.1OpenLDAP libraries ii libmysqlclient16 5.1.41-3 MySQL database client library ii libpam-runtime 1.1.1-1 Runtime support for the PAM librar ii libpam0g 1.1.1-1 Pluggable Authentication Modules l ii libpq5 8.4.2-2 PostgreSQL C client library ii libsqlite3-0 3.6.22-1 SQLite 3 shared library ii libssl0.9.80.9.8k-8 SSL shared libraries ii openssl0.9.8k-8 Secure Socket Layer (SSL) binary a ii ucf3.0025Update Configuration File: preserv ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime dovecot-common recommends no packages. Versions of packages dovecot-common suggests: ii ntp 1:4.2.4p8+dfsg-1 Network Time Protocol daemon and u -- no debconf information This bug happen with latest version of sieve patches applied on dovecot 1.2.10. Regards, Marco -- - |Marco Nenciarini| Debian/GNU Linux Developer - Plug Member | | mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia | - Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4 signature.asc Description: OpenPGP digital signature
Re: [Dovecot] Bug#564633: dovecot bug: Next message unexpectedly corrupted in mbox file
Justin Piszcz ha scritto: Package: dovecot-imapd Version: 1.2.9-1 Distribution: Debian Testing x86_64 Problem: See below. .. Looking further I found this (which is when the problem began to appear in the logs): First time: Jan 2 09:33:25 l1 dovecot: IMAP(user): Next message unexpectedly corrupted in mbox file /home/user/Mailbox at 10599 Due to: 2010-01-02 05:00:29 configure dovecot-common 1:1.2.9-1 1:1.2.9-1 2010-01-02 05:00:29 status unpacked dovecot-common 1:1.2.9-1 2010-01-02 05:00:29 status unpacked dovecot-common 1:1.2.9-1 2010-01-02 05:00:29 status unpacked dovecot-common 1:1.2.9-1 2010-01-02 05:00:29 status unpacked dovecot-common 1:1.2.9-1 2010-01-02 05:00:29 status unpacked dovecot-common 1:1.2.9-1 2010-01-02 05:00:29 status unpacked dovecot-common 1:1.2.9-1 2010-01-02 05:00:29 status half-configured dovecot-common 1:1.2.9-1 2010-01-02 05:00:31 status installed dovecot-common 1:1.2.9-1 2010-01-02 05:00:38 configure dovecot-imapd 1:1.2.9-1 1:1.2.9-1 2010-01-02 05:00:38 status unpacked dovecot-imapd 1:1.2.9-1 2010-01-02 05:00:38 status half-configured dovecot-imapd 1:1.2.9-1 2010-01-02 05:00:38 status installed dovecot-imapd 1:1.2.9-1 During an apt-get dist-upgrade.. Did dovecot 1.2.9 include this patch: http://www.dovecot.org/list/dovecot-cvs/2009-December/015177.html So now one sees the message, whereas before, no message was shown? Nothing to be concerned about? Justin. On Fri, 8 Jan 2010, Justin Piszcz wrote: Hi, t I am seeing this on one of my servers: Jan 8 10:08:58 l1 dovecot: IMuser(user): Next message unexpectedly corrupted in mbox file /home/user/Mailbox at 10558 I have never seen this before, and google yields no results except when this warning was added to the source code here: http://www.dovecot.org/list/dovecot-cvs/2009-December/015177.html The user has deleted all of the mail in the Mailbox but the problem persists. Any ideas? Justin. Hi Justin, Does the problem persist? Does it cause glitches for the user? Does it cause some corruptions or it's just a line in your log? Is it reproducible? I think it is some kind of corruption of the mailbox, but I found weird it persists after the deletion of all email. May be you should expunge deleted messages from the mailbox. Kind regards, Marco -- - |Marco Nenciarini| Debian/GNU Linux Developer - Plug Member | | mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia | - Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4 signature.asc Description: OpenPGP digital signature
Re: [Dovecot] sieve script
Stephan Bosch ha scritto: Lampa wrote: 2010-01-29T19:52:15.876551+01:00 hermes dovecot: deliver(u...@domain.tld): sieve: main_script: line 6: number of redirect actions exceeds policy limit 2010-01-29T19:52:15.881478+01:00 hermes dovecot: deliver(centrumrea...@remax-czech.cz): sieve: execution of script /home/mail/domain.tld/user/.dovecot.sieve failed, but implicit keep was successful plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_max_redirects = 20 sieve_global_path = /home/mail/.dovecot.global.sieve sieve_global_dir = /home/mail/sieve } using dovecot 1.2.9 on debain This feature is first included in Pigeonhole Sieve 0.1.14. You need debian package version 1:1.2.9-2, which is not yet in testing or backports. I've already built the backport to stable. I'll upload it as soon the package will enter in testing. Meantime, if you want, you can download it (for i386 and amd64) from my private repository[1] Kind regards, Marco [1] http://www.prato.linux.it/~mnencia/debian/dovecot-lenny/ -- - |Marco Nenciarini| Debian/GNU Linux Developer - Plug Member | | mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia | - Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4 signature.asc Description: OpenPGP digital signature
Re: [Dovecot] md5_verify(...): Not a valid MD5-CRYPT or PLAIN-MD5 password
BaQs ha scritto: I can't add {DES} to DES passwords, as this database is used with many other softwares. I'm not a MySQL expert, but you could add it to query using CONCAT() and IF() functions, or you could define a custom view to the user table. Regards, Marco -- - |Marco Nenciarini| Debian/GNU Linux Developer - Plug Member | | mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia | - Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4 signature.asc Description: OpenPGP digital signature
[Dovecot] Build fix on HURD
I've made two little patches to allow dovecot to be compiled on GNU/Hurd. Could you review them? Kind regards, Marco Nenciarini -- - |Marco Nenciarini| Debian/GNU Linux Developer - Plug Member | | mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia | - Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4 # HG changeset patch # User Marco Nenciarini mnen...@prato.linux.it # Date 1260984874 -3600 # Branch HEAD # Node ID b7276a3006d847d39cd5b39ac2197a47191181e5 # Parent 9c99f15829faf182d2e4c343994a004e85cbd2c2 Fix build on HURD (PATH_MAX not defined) diff --git a/src/lib/compat.h b/src/lib/compat.h --- a/src/lib/compat.h +++ b/src/lib/compat.h @@ -254,3 +254,10 @@ ((errno) == EEXIST || (errno) == ENOTEMPTY || (errno) == EBUSY) #endif + +/* PATH_MAX is only defined if the system actually have such fixed limit */ +/* see http://www.gnu.org/software/hurd/community/gsoc/project_ideas/maxpath.html */ +/* and http://insanecoding.blogspot.com/2007/11/pathmax-simply-isnt.html */ +#ifndef PATH_MAX +# define PATH_MAX 1024 +#endif # HG changeset patch # User Marco Nenciarini mnen...@prato.linux.it # Date 1260984992 -3600 # Branch HEAD # Node ID cf920078addcd4a9b163b25796cb00bbfc67bd26 # Parent b7276a3006d847d39cd5b39ac2197a47191181e5 Fix build on HURD (SA_SIGINFO not available) diff --git a/src/lib/ioloop-notify-dn.c b/src/lib/ioloop-notify-dn.c --- a/src/lib/ioloop-notify-dn.c +++ b/src/lib/ioloop-notify-dn.c @@ -191,9 +191,15 @@ /* SIGIO is sent if queue gets full. we'll just ignore it. */ signal(SIGIO, SIG_IGN); +#ifdef SA_SIGINFO act.sa_sigaction = sigrt_handler; sigemptyset(act.sa_mask); act.sa_flags = SA_SIGINFO | SA_RESTART | SA_NODEFER; +#else + act.sa_handler = sigrt_handler; + sigemptyset(act.sa_mask); + act.sa_flags = SA_RESTART | SA_NODEFER; +#endif if (sigaction(SIGRTMIN, act, NULL) 0) { if (errno == EINVAL) { diff --git a/src/lib/lib-signals.c b/src/lib/lib-signals.c --- a/src/lib/lib-signals.c +++ b/src/lib/lib-signals.c @@ -75,12 +75,17 @@ return t_strdup_printf(unknown %d, sicode); } +#ifdef SA_SIGINFO static void sig_handler(int signo, siginfo_t *si, void *context ATTR_UNUSED) +#else +static void sig_handler(int signo) +#endif { struct signal_handler *h; char c = 0; -#ifdef SI_NOINFO +#ifdef SA_SIGINFO +# ifdef SI_NOINFO siginfo_t tmp_si; if (si == NULL) { @@ -90,6 +95,14 @@ tmp_si.si_code = SI_NOINFO; si = tmp_si; } +# endif +#else + siginfo_t *si; + siginfo_t tmp_si; + + memset(tmp_si, 0, sizeof(tmp_si)); + tmp_si.si_signo = signo; + si = tmp_si; #endif if (signo 0 || signo MAX_SIGNAL_VALUE) @@ -115,8 +128,12 @@ } } +#ifdef SA_SIGINFO static void sig_ignore(int signo ATTR_UNUSED, siginfo_t *si ATTR_UNUSED, void *context ATTR_UNUSED) +#else +static void sig_ignore(int signo ATTR_UNUSED) +#endif { /* if we used SIG_IGN instead of this function, the system call might be restarted */ @@ -173,8 +190,13 @@ if (sigemptyset(act.sa_mask) 0) i_fatal(sigemptyset(): %m); +#ifdef SA_SIGINFO act.sa_flags = SA_SIGINFO; act.sa_sigaction = ignore ? sig_ignore : sig_handler; +#else + act.sa_flags = 0; + act.sa_handler = ignore ? sig_ignore : sig_handler; +#endif if (sigaction(signo, act, NULL) 0) i_fatal(sigaction(%d): %m, signo); } @@ -235,8 +257,13 @@ act.sa_flags = SA_RESTART; act.sa_handler = SIG_IGN; } else { +#ifdef SA_SIGINFO act.sa_flags = SA_SIGINFO; act.sa_sigaction = sig_ignore; +#else + act.sa_flags = 0; + act.sa_handler = sig_ignore; +#endif } if (sigaction(signo, act, NULL) 0) signature.asc Description: OpenPGP digital signature
[Dovecot] FTBFS with binutils-gold
As reported in debian bug #554306 [1] dovecot fails to build with GNU binutils-gold or setting LDFLAGS=-Wl,--no-add-needed http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=554306 The problem is that liblber isn't explicitly declared as a dependence when dovecot is compiled with ldap support. The attached patch fixes this little error. Regards, Marco -- - |Marco Nenciarini| Debian/GNU Linux Developer - Plug Member | | mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia | - Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4 Index: dovecot-1.2.8/configure.in === --- dovecot-1.2.8.orig/configure.in 2009-11-27 13:38:40.508216120 +0100 +++ dovecot-1.2.8/configure.in 2009-11-27 13:55:23.623513021 +0100 @@ -1897,7 +1897,7 @@ AC_CHECK_LIB(ldap, ldap_start_tls_s, [ AC_DEFINE(LDAP_HAVE_START_TLS_S,, Define if you have ldap_start_tls_s) ]) - LDAP_LIBS=-lldap + LDAP_LIBS=-lldap -llber AC_SUBST(LDAP_LIBS) if test $want_ldap != plugin; then AUTH_LIBS=$AUTH_LIBS $LDAP_LIBS
Re: [Dovecot] 1.2.7: recs[i]-uid rec- uid
Brandon Davidson ha scritto: For the record, the old epoll_ctl issue was resolved by the patch that reordered the fd closes. We ran 1.2.6 with that patch for quite a while and it didn't reoccur once. I can confirm that the epoll_ctl bug was resolved. Kind Regards, Marco -- - |Marco Nenciarini| Debian/GNU Linux Developer - Plug Member | | mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia | - Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4
Re: [Dovecot] pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5):
Brandon Davidson ha scritto: Hi Marco, Let's see what Timo has to say about that log file bit. Since it seems to happen to you fairly frequently, it might be worth enabling core dumps as well? You are right. I've just rebuilt my package with -g -O0 and enabled core dumps. Marco -- - |Marco Nenciarini| Debian/GNU Linux Developer - Plug Member | | mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia | - Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4
Re: [Dovecot] pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5):
This morning it happened another time, another time during the daily cron execution. Oct 22 06:26:57 server dovecot: pop3-login: Panic: Leaked file fd 5: dev 0.12 inode 1005 Oct 22 06:26:57 server dovecot: dovecot: Temporary failure in creating login processes, slowing down for now Oct 22 06:26:57 server dovecot: dovecot: child 21311 (login) killed with signal 6 (core dumps disabled) I have dovecot 1.2.6 with Timo's patch to check leaked descriptors. Marco -- - |Marco Nenciarini| Debian/GNU Linux Developer - Plug Member | | mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia | - Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4
Re: [Dovecot] pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5):
Timo Sirainen ha scritto: On Thu, 2009-10-22 at 11:44 +0200, Marco Nenciarini wrote: This morning it happened another time, another time during the daily cron execution. Oct 22 06:26:57 server dovecot: pop3-login: Panic: Leaked file fd 5: dev 0.12 inode 1005 Can you apply the attached patch and see what it logs the next time it happens? I've applied the patch (with a little modification because i use managesieve) At this moment on all my systems I have a 1.2.6+2debug_patches and core dumps are enabled. Marco -- - |Marco Nenciarini| Debian/GNU Linux Developer - Plug Member | | mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia | - Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4
Re: [Dovecot] pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5):
Timo Sirainen ha scritto: That's the pty's fd I think, probably from dovecot --exec-mail because normally dovecot master process closes them at startup.. Did you check if two dovecot processes were running when this happened? This morning the problem showed again. This is what I was able to discover: 1) There was only one master process. 2) Imap and managesieve login and worker processes were working normally. 3) There was no pop3/pop3-login. After the last time I've modified my root crontab to execute the expire-tool every minute, trying to trigger the problem in another time of the day, but the first failure is Oct 6 06:26:02 delta01 dovecot: imap-login: Panic: Leaked file fd 5: dev 0.12 inode 1005 Oct 6 06:26:02 delta01 dovecot: dovecot: Temporary failure in creating login processes, slowing down for now Oct 6 06:26:02 delta01 dovecot: dovecot: child 21216 (login) killed with signal 6 (core dumps disabled) As you can see this time is the login process of an imap connection, so I can state that the problem is not related to pop3 and nor to expire plugin. Probably the imap connections that I see were there before the problem was triggered. So the only remaining thing in daily log rotation that can be the trigger of the problem is the heavy cpu/io load due to daily maintenance. The last weird thing is that this time I have simply asked dovecot to reload its configuration and the problem is vanished. I hope this is enough to figure out what was happened. Marco -- - |Marco Nenciarini| Debian/GNU Linux Developer - Plug Member | | mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia | - Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4
Re: [Dovecot] pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5):
Marco Nenciarini ha scritto: 2) Imap and managesieve login and worker processes were working normally. I only see this mistake now: the above statement is false, because the subsequent log show an imap-login failure. Sorry for this. Marco -- - |Marco Nenciarini| Debian/GNU Linux Developer - Plug Member | | mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia | - Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4
Re: [Dovecot] pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5):
Timo Sirainen ha scritto: On Wed, 2009-09-30 at 10:16 +0200, Marco Nenciarini wrote: Sep 30 06:26:15 server dovecot: pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5): Operation not permitted There is no additional information from Timo's patch, Oh, annoying. There was a bug in the function it used, this fixes it: http://hg.dovecot.org/dovecot-1.2/rev/401e023c8c29 [snip] The only thing related I can think of is http://hg.dovecot.org/dovecot-1.2/rev/0f04c7da33f1 - did you have that patch applied? Although I couldn't reproduce the problem even with that reverted. Another day, another failure, now with both patches applied. Oct 1 06:26:14 server dovecot: pop3-login: Panic: Leaked file fd 5: dev 0.12 inode 1005 Oct 1 06:26:14 server dovecot: dovecot: Temporary failure in creating login processes, slowing down for now Oct 1 06:26:14 server dovecot: dovecot: child 17609 (login) killed with signal 6 (core dumps disabled) Please note that the time is the same of previous days (just after daily cron execution) Regards, Marco -- - |Marco Nenciarini| Debian/GNU Linux Developer - Plug Member | | mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia | - Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4
Re: [Dovecot] pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5):
Timo Sirainen ha scritto: On Tue, 2009-09-22 at 20:23 -0700, Mark Sapiro wrote: Sep 22 19:07:15 sbh16 dovecot: pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5): Operation not permitted Has this happened to you again? Do you run expire-tool or some other dovecot --exec-mail command? Or was there anything else run in cron just before the first of the above errors happened? No, it hasn't happened again. The only errors I found in my logs is like the following one Oct 1 09:20:29 delta01 dovecot: pop3-login: Disconnected (no auth attempts): rip=213.136.170.137, lip=10.68.1.31 Oct 1 09:20:29 delta01 dovecot: pop3-login: Panic: Leaked file fd 5: dev 0.12 inode 1005 Oct 1 09:20:29 delta01 dovecot: dovecot: Temporary failure in creating login processes, slowing down for now Oct 1 09:20:29 delta01 dovecot: pop3-login: Disconnected (no auth attempts): rip=62.94.181.36, lip=10.68.1.31 Oct 1 09:20:29 delta01 dovecot: dovecot: child 12936 (login) killed with signal 6 (core dumps disabled) The only dovecot-related command run by cron daily is expire-tool I've checked the list of running processes but there is only one /usr/sbin/dovecot running with its children Marco -- - |Marco Nenciarini| Debian/GNU Linux Developer - Plug Member | | mnen...@prato.linux.it | http://www.prato.linux.it/~mnencia | - Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4
Re: [Dovecot] pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5):
Timo Sirainen ha scritto: On Sep 23, 2009, at 11:27 AM, Timo Sirainen wrote: On Sep 23, 2009, at 11:17 AM, Marco Nenciarini wrote: First failure is: Sep 23 06:26:14 server dovecot: pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5): Operation not permitted That's really the first one, and there's no kind of an error from dovecot master process? This sounds like wrong fd is being passed to pop3-login, but why it's being done only randomly I can't really think of.. It could be useful to know what the fd actually is. See what it logs with the attached patch? The problem happened again. Sep 30 06:26:15 server dovecot: pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5): Operation not permitted There is no additional information from Timo's patch, but if you compare it with the last one you can see a weird match on both time and weekday: Sep 23 06:26:14 server dovecot: pop3-login: Fatal: io_loop_handle_add: epoll_ctl(1, 5): Operation not permitted After some investigation I've found that the daily cron scripts are executed every day at 6:25 and the only thing related to dovecot in /etc/cron.daily is the call to expire plugin - server:~# cat /etc/cron.dailyclean-expired-messages #!/bin/sh dovecot --exec-mail ext /usr/lib/dovecot/expire-tool.sh server:~# cat /usr/lib/dovecot/expire-tool.sh #!/bin/bash MAIL_PLUGINS=${MAIL_PLUGINS//imap_quota/} MAIL_PLUGINS=${MAIL_PLUGINS//mail_log/} exec ${0%.sh} $@ - Moreover my expire plugin configuration is expire: Trash 7 Trash/* 7 Cestino 7 Cestino/* 7 Junk 30 Spam 30 so the weekly periodicity can be explained with something happened in a Trash mailbox. My configuration is - # 1.2.5: /etc/dovecot/dovecot.conf # OS: Linux 2.6.26-2-xen-amd64 x86_64 Debian 5.0.3 log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap imaps pop3 pop3s managesieve ssl_cert_file: /etc/ssl/certs/delta01.pem ssl_key_file: /etc/ssl/private/delta01.key disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login login_executable(managesieve): /usr/lib/dovecot/managesieve-login first_valid_uid: 2000 last_valid_uid: 2000 first_valid_gid: 2000 last_valid_gid: 2000 mail_privileged_group: mail mail_location: maildir:~/Maildir mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_executable(managesieve): /usr/lib/dovecot/managesieve mail_plugins(default): quota imap_quota expire trash mail_plugins(imap): quota imap_quota expire trash mail_plugins(pop3): quota expire mail_plugins(managesieve): mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve imap_client_workarounds(default): delay-newmail imap_client_workarounds(imap): delay-newmail imap_client_workarounds(pop3): imap_client_workarounds(managesieve): pop3_save_uidl(default): no pop3_save_uidl(imap): no pop3_save_uidl(pop3): yes pop3_save_uidl(managesieve): no pop3_uidl_format(default): %08Xu%08Xv pop3_uidl_format(imap): %08Xu%08Xv pop3_uidl_format(pop3): %f pop3_uidl_format(managesieve): %08Xu%08Xv pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh pop3_client_workarounds(managesieve): namespace: type: private separator: . inbox: yes list: yes subscriptions: yes namespace: type: private separator: . prefix: INBOX. hidden: yes list: no subscriptions: yes lda: postmaster_address: postmas...@xcon.it mail_plugins: quota sieve expire auth_socket_path: /var/run/dovecot/auth-master auth default: mechanisms: plain login passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: prefetch userdb: driver: sql args: /etc/dovecot/dovecot-sql.conf socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: postfix master: path: /var/run/dovecot/auth-master mode: 384 user: vmail group: vmail plugin: quota: dict:user::proxy::quota quota2: dict:domain:%d:proxy::quota_domain trash: /etc/dovecot/dovecot-trash.conf expire: Trash 7 Trash/* 7 Cestino 7 Cestino/* 7 Junk 30 Spam 30 expire_dict: proxy::expire sieve: ~/.dovecot.sieve sieve_dir: ~/sieve dict: quota: pgsql:/etc/dovecot/dovecot-dict-quota.conf quota_domain: pgsql:/etc/dovecot/dovecot-dict-quota-domain.conf expire: pgsql:/etc/dovecot/dovecot-dict-expire.conf