Re: [Dovecot] Dovecot 2.0.rc3 Capability response

2010-08-04 Thread pod 
A.L.E.C a...@alec.pl writes:

 On 04.08.2010 12:25, Craig Whitmore wrote:

 Looking at the RFC.. and if dovecot is doing this then its going against
 the RFC and doing it wrong. As it says This listing of capabilities is
 not dependent upon connection state or user.

 http://tools.ietf.org/search/rfc1730#section-6.1.1
 http://tools.ietf.org/search/rfc2060#section-6.1.1

 Timo will know better. Just want to say, that this sentence has been
 removed in RFC3501.

I agree this wording has quite explicitly been removed from RFC 3501.

Maybe Timo can point to some explicit wording which I have been unable to
find but my reading of various bits of RFC 3501 (which btw obsoletes 2060
which in turn obsoletes 1730, i.e. 3501 is _the_ reference) seems to
suggest that doing a CAPABILITY (or the moral equivalent of recognizing a
CAPABILITY response) after both STARTTLS and AUTHENTICATE is in fact
necessary.  I don't see why it would be important to add these CAPABILITY
responses unless the expectation is that the CAPABILITY response is now
different as a result of the STARTTLS, AUTHENTICATE or indeed LOGIN.

The case seems clear for STARTTLS; you advertise only non-plaintext AUTH
mechanisms and LOGINDISABLED initially and after successful STARTTLS you
can advertise plaintext AUTH mechanisms and remove LOGINDISABLED.  I must
confess I am having trouble untangling the precise meaning of the text
related to AUTHENTICATE though.

For reference some selected text from RFC 3501:

6.2.1.  STARTTLS Command

[...]

  Once [TLS] has been started, the client MUST discard cached
  information about server capabilities and SHOULD re-issue the
  CAPABILITY command.  This is necessary to protect against man-in-
  the-middle attacks which alter the capabilities list prior to
  STARTTLS.  The server MAY advertise different capabilities after
  STARTTLS.

[...]

6.2.2.  AUTHENTICATE Command

[...]

  A server MAY include a CAPABILITY response code in the tagged OK
  response of a successful AUTHENTICATE command in order to send
  capabilities automatically.  It is unnecessary for a client to
  send a separate CAPABILITY command if it recognizes these
  automatic capabilities.  This should only be done if a security
  layer was not negotiated by the AUTHENTICATE command, because the
  tagged OK response as part of an AUTHENTICATE command is not
  protected by encryption/integrity checking.  [SASL] requires the
  client to re-issue a CAPABILITY command in this case.

[...]

B.  Changes from RFC 2060

[...]

   77) Add optional CAPABILITY response code in the initial OK or
   PREAUTH.

   78) Add note that server can send an untagged CAPABILITY command as
   part of the responses to AUTHENTICATE and LOGIN.

   79) Remove statement about it being unnecessary to issue a CAPABILITY
   command more than once in a connection.  That statement is no longer
   true.

[...]

   83) Clarify that an untagged CAPABILITY response to an AUTHENTICATE
   command should only be done if a security layer was not negotiated.

[...]

   91) Change recommendation of optional automatic capabilities in LOGIN
   and AUTHENTICATE to use the CAPABILITY response code in the tagged
   OK.  This is more interoperable than an unsolicited untagged
   CAPABILITY response.

Re: [Dovecot] SSL / TLS Problem

2010-07-19 Thread pod 
Leander S. leander.schae...@googlemail.com writes:

 server [~]# cat /etc/ssl/mail/mail.key
 -BEGIN RSA PRIVATE KEY-
 [...]

Hmm, you have apparently posted your private key to a public maillist.
You might want to generate a new key and cert.

Re: [Dovecot] [dovecot]

2010-03-10 Thread pod 
Rick Romero r...@havokmon.com writes:

 Yeah.. procmail filter to modify the subject would satisfy me.

 I'm by no means a procmail expert, but this seems to work (though
 [Dovecot] gets put before the Re:)

 :0 fhw
 * ^List-Id:.*Dovecot Mailing List
 {
   :0 fhw
   * ^Subject:\/.*
   | formail -I Subject: [dovecot] $MATCH
 }

I realise this is a late response on this thread and is probably overly
pedantic but RFC 2919 (List-Id) is clear about which bit of the List-ID:
header is actually the list-id.  It's the bit in angle brackets:

   The List-Id header MAY optionally include a description by including
   it as a phrase [DRUMS] before the angle-bracketed list identifier.
   [...]
   For many MUAs the parsing of the List-Id header will simply consist of
   extracting the list identifier from between the delimiting angle
   brackets.

   The syntax of the List-Id header follows:

   list-id-header = List-ID: [phrase]  list-id  CRLF

So if you are going to do List-ID filtering I suggest doing it on the bit
in angle brackets not the phrase part as has been done in the procmail
recipe above.  Thus in procmail:

:0 fhw
* ^List-Id:.*dovecot\.dovecot\.org
[...]

and in sieve:

if header :contains list-id dovecot.dovecot.org {
[...]

Re: [Dovecot] dovecot auth is case insensitive, but fs is sensitive :)

2009-08-19 Thread pod 
Noel Butler noel.but...@ausics.net writes:

 On Wed, 2009-08-19 at 01:41 -0400, Timo Sirainen wrote:

 Dovecot auth isn't case-insensitive. But MySQL is, and I guess you're  
 using it? There are several different ways around it.


 Which is not a problem since most (all) MTA's  normally treat user@  as
 case insensitive.

But the username in the authentication db is completely independent of any
localpart that might be used to deliver to a mailbox - access to which is
authenticated by providing creds for that username.

I don't see how the fact that MTAs may or may not consider localparts to
be case-sensitive has any bearing on the case-sensitivity of usernames
stored in the authentication database.

Re: [Dovecot] sieve rules processing

2009-08-06 Thread pod 
Stephan Bosch step...@rename-it.nl writes:

 Yes, your second rule is an elsif, meaning that it is only executed when
 the first if-condition is not 'true'. Since that first rule has a forced
 true' result, the second rule is absolutely never executed. You script
 should be:

 require [fileinto,copy];

 # rule:[redirect]
 if true
 {
   redirect :copy al...@domain.com;
 }

 # rule:[Cron]
 if header :contains Subject Cron
 {
   fileinto INBOX/Cron;
 }

 Note that the anyof() commands are only necessary when you have multiple
 tests per if command. Also, I removed the envelope require, since it is
 not used.

Out of interest is the conditional around

if true
{
  redirect :copy al...@domain.com;
}

necessary?  Does a plain inline

redirect :copy al...@domain.com;

not behave in exactly the same manner?

I'm afraid it's a while since I read RFC 5228 (Sieve) and I was unfamiliar
with RFC 3894 (:copy) but on scanning through them I can't see anything to
indicate that behaviour should differ inside and outside an if.

So I suppose my question is does redirect :copy have different behaviour
based on whether it is inline or inside an if?

Re: [Dovecot] POP3 flag updates

2009-06-23 Thread pod 
Timo Sirainen t...@iki.fi writes:

 Why does Dovecot add \Seen flag for mails that have been RETRed? Does
 anyone really want to use this feature? I can't remember why I
 implemented it originally, perhaps it was just because other servers  do
 that too. I'm thinking about at least changing  pop3_no_flag_updates=yes
 to be default.

Doesn't it just keep things looking consistent for a user if they happen
to be using both a POP3 client and an IMAP client?

Sound implausible?  Say for normal use they have a desktop configured that
does POP3 (but doesn't DELE after RETR, obviously) but they are away from
the desk and use a Web to Mail gateway which happens to be an IMAP client.
It is presumably considered a nice feature that messages they last POPped
show up as \Seen in the web interface and consequently stuff that has
arrived since shows up as not \Seen.  Maybe.

Re: [Dovecot] v3.0 architecture

2009-06-03 Thread pod 
Timo Sirainen t...@iki.fi writes:

 I do kind of like that idea, but I don't really se how it would be
 practical here, especially if high performance is wanted.

I don't really see why a priori it would be any less performant than any
other particular RPC mechanism.

 1. I'm not implementing Dovecot to Plan9, so the filesystem would  still
 have to be wrapped in some kind of a protocol. I suppose you  could get
 them visible to filesystem using FUSE, but that would still  be
 Linux-only.

I probably didn't explain well enough.  One doesn't need to be
implementing for or on a Plan9 system and there's no need for there to be
any involvement with the OS or kernel's notion of filesystem.

9P is a _wire_ protocol for expressing filesystem hierarchy and I/O on
files and dirs within that filesystem.  I would like to say think of it
as NFS simplified but even that will, I suspect, for lots of people draw
with it far too much irrelevant baggage.  It is a perfectly tractable
proposition to implement both 9P servers and clients, e.g. wmii [1],
solely with the assistance of a userland library, e.g. libixp [2].

 2. Latency over network is pretty high, so a nice clean filesystem  layout
 wouldn't probably be possible without sacrificing performance.  And a
 non-clean layout probably would just make it horrible to use in  all ways.

Agreed, careful design of the layout is rather important.  But, I suggest,
it requires no more or less care than goes into the design of a more
traditional RPC mechanism - how are errors signalled, can more than one
RPC be in flight at any one time, how is data marshalling done, etc.

Using a synthetic filesystem at least provides a layer of abstraction that
might help.  I don't claim it makes it easier - it just provides a layer
in which some of these questions are already answered.  It's an alternate
way to factorise the problem.

 Actually I think even the current lib-storage API won't be low-enough
 latency. Most IMAP commands should be able to be done by sending a  single
 request and then reading responses. Well, I'm not going to  start coding
 this anytime soon.

I'm afraid I am sufficiently unfamiliar with the lib-storage API to
comment on how straightforwardly one might map it to a 9P-using world.

 Anyway, I'm still more concerned about how to implement the client  side
 so that a single process can asynchronously process commands and  handle
 multiple connections, without the code looking awful difficult  to
 understand mess. I think it might be possible with C, but I'm not  aware
 of any existing code that does it as cleanly as synchronous code  looks
 like.

Very valid concerns.  I don't think I am able to offer further insight
though :-(

Please forgive me if I come across as overly evangelistic.  I do not
intend to.  It is an area of personal interest to me and it felt like it
mapped onto your problem nicely.  Thanks for listening.

Footnotes: 
[1]  http://wmii.suckless.org/
[2]  http://libs.suckless.org/libixp

Re: [Dovecot] v3.0 architecture

2009-06-02 Thread pod 
Timo Sirainen t...@iki.fi writes:

 The big problem is what the protocol should be. Use some existing RPC
 protocol? It should be something extensible so that a plugin in imap
 process can talk to a plugin in storage process, without the base
 processes knowing anything about the details (e.g. imap-quota plugin
 asking quota usage from storage's quota plugin). In any case the  client
 side API should be asynchronous. That can make it annoyingly  difficult to
 use though. Wonder if I could switch to erlang or  something for the
 imap/pop3 processes :)

I realise I'm coming a little late to this conversation.  Various people
have suggested various RPC mechanisms.  Might I humbly suggest also
looking at 9P (or 9P2000) the Plan9 filesystem protocol. [1]

The general design philosophy in Plan9 is not to use an increasing number
of application specific RPC mechanisms but instead to implement everything
in a synthetic filesystem tree.  The 9P protocol handles the basic
operations required to navigate the filesystem tree and read/write to the
files within.  The semantics of RPC are then relegated to the
specification for the layout of the filesystem and meaning assigned to
reading or writing to files within that tree.  This allows for
extensibility (and incidently discoverability) - new features or plugins
appear as a new file or directory hierarchy in the presented filesystem
layout.

As a concrete example the so called upas/fs [2] presents a view of a
mailbox independent of the actual storage mechanism used for the data
contained in the mailbox.  From the manpage

The mailbox itself becomes a directory under /mail/fs. Each message in
the mailbox becomes a numbered directory in the mailbox directory, and
each attachment becomes a numbered directory in the message
directory. Since an attachment may itself be a mail message, this
structure can recurse ad nauseam.

See [2] for more details.  I'm not suggesting this layout would be exactly
right for the Dovecot storage protocol but it may provide a starting
point.

It's probably worth noting the irony, given this is a maillist about
Dovecot, in that this approach almost obsoletes the need for an IMAP
protocol in the first place (the upas/fs style layout as documented
doesn't really provide sufficient support for server side search for
example).

Footnotes: 
[1]  http://plan9.bell-labs.com/magic/man2html/5/0intro
[2]  http://plan9.bell-labs.com/magic/man2html/4/upasfs

Re: [Dovecot] Migration questions...

2009-05-20 Thread pod 
Richard Hobbs richard.ho...@crl.toshiba.co.uk writes:

   19. Once everything is working perfectly, send an email to the entire
 company instructing them what to do after the outage and arrange an
 outage and do the following steps as soon as the outage begins:

 a. Unplug DMZ switch from firewall to make delivered mail wait at
 the sender.
[...]
 i. Plug DMZ switch back into firewall and begin monitoring exim logs
 to check that mail is being delivered.

If I'm not misunderstanding the steps between 19.a -- 19.i are going to be
done while not network connected?  I'd be slightly concerned that these
steps may involve anything some that needs to do DNS lookups or the like
at which point they may hit long(ish) timeouts or just fail completely.

Re: [Dovecot] v 1.1.13 / GSSAPI / Timeout waiting for handshake from auth server

2009-04-03 Thread pod 
Timo Sirainen t...@iki.fi writes:

 On Wed, 2009-03-25 at 15:31 +0100, Jahnke-Zumbusch, Dirk wrote:

 1. I am puzzled about the credentials i...@my.host.name being obtained;
 shouldn't this be
something like imap/my.host.n...@my.realm ?

 I don't know anything about Kerberos.

I suspect the i...@my.host.name refers to the subject at the GSSAPI
layer.  This is certainly the form one would use in gss_import_name() in
order to construct the name of the peer one might then subsequently use
in a call to gss_init_sec_context() or, as in this case,
gss_acquire_cred().  If the underlying mechanism in use by the GSSAPI
layer is Kerberos then it will be translated to an appropriately named
principal, such as imap/my.host.n...@my.realm, but that name will not in
general be exposed above the GSSAPI layer.

 This anyway means that dovecot-auth process is hanging for over 30
 seconds. Probably the obtaining credentials is taking for a long time.
 But why that is, I've no idea.

Wild guess: maybe the underlying Kerberos libraries are attempting to
canonicalise the host part by doing DNS lookups which are timing out as a
result of a non-responsive DNS server?

Re: [Dovecot] Unable To Move IMAP Folder (Dovecot)

2008-10-01 Thread pod 
 CW == Carlos Williams [EMAIL PROTECTED] writes:

CW This folder shows up as a sub folder to his Inbox on his
CW Thunderbird client and I tried using the cp command to move this
CW over to my Maildir/ directory on the same server and when I launch
CW Thunderbird, that folder is not visible for me. I made sure
CW permissions are correct and even reloaded Dovecot.

[...]

CW Does anyone know what I am doing wrong?

Maybe you need to subscribe to your new test folder from your
Thunderbird session.

Re: [Dovecot] Sieve fileinto a subfolder fails

2008-08-29 Thread pod 
 EK == Eduardo M KALINOWSKI [EMAIL PROTECTED] writes:

EK Try fileinto Lists.NCCC, the . is the default folder
EK separator.

EK It should be possible to change it to a / with namespaces, but
EK it would make a cosmetic change, and judging by other posts in the
EK list, it seems to cause a lot more trouble than benefits. :-)

Though I don't think this will work with 1.0 deliver since it doesn't
understand namespaces.

IMHO the sieve spec missed a trick in this respect.  Given that there are
many other places in sieve where a list of strings can be supplied as
arguments it seems like it would be obvious that

fileinfo [foo bar];

could carry the meaning of file into the bar subfolder of foo and just
short circuit the what's the hierarchy separator? question.

Maybe this was considered during the standardization process and rejected.

Re: [Dovecot] Allowing tilde at start of mailbox names [listescape-plugin.c]

2008-03-11 Thread pod 
 AM == Adam McDougall [EMAIL PROTECTED] writes:

AM I have been using it for a few weeks and it has been working well,
AM but yesterday I noticed it also seems to be escaping the \
AM (backslash) character in folder names.

listescape has to escape '\' so that applications of decode-encode and
encode-decode are idempotent.  If it did not do this a client that asked,
for example, to create a folder called a\2eb (i.e. issues CREATE a\2eb)
would be shown the folder as a.b by dovecot in a subsequent folder
listing.

AM This wouldn't be a problem except it breaks operation of folders
AM that already had a \ in the name before the plugin was loaded.
AM This isn't a huge problem for us but I want to figure out if I
AM should special case migration of folder names containing a \ to be
AM the new internal representation \5c or if the plugin should just
AM deal with normal \'s in the foldernames properly.

Yes, I think you need to rename folders that contained a '\' in the name
before you started using listescape, but clearly you should not rename any
folders that have subsequently been created by the listescape plugin that
contain a '\'.

Re: [Dovecot] Not using . as separator?

2008-03-06 Thread pod 
 GE == Grant Edwards [EMAIL PROTECTED] writes:

GE When using maildir storage, is there any way to use something
GE besides . as the folder separator?

Please note that the following relates to dovecot 1.0.  I've not looked to
see if 1.1 behaves differently.

Yes you can use a namespace

namespace private {
  # empty prefix indicates the default namespace
  prefix =
  inbox = yes
  separator = /
}

However using just this dovecot will still not allow maildir mailbox names
to contain a '.'.

GE I like to use folder names that match people's e-mail addresses
GE (that's a default behavior in mutt), and . is a pretty popular
GE character in e-mail addresses.  Ideally, I'd like to use /.

The (unofficial) listescape plugin

http://www.dovecot.org/patches/1.0/listescape-plugin.c 

will allow maildir folder names to contain '.' (and '~' at the start
incidentally).  Note however that this is only a good solution if you are
offering exclusively IMAP/POP3 access to the mailstore.  If you are also
exposing mailboxes directly by a filesystem interface then standard
Maildir++ utilities are likely to get confused because a folder known to
the client as a.b will appear in the filesystem with a name of 'a\2eb'.

We have used this feature to migrate from a UW imapd based service to a
dovecot based service with (what I believe to be) no user visible
change. [1]

GE Is . allowed in mailbox names when using mbox storage?

Yes, I believe so.

Footnotes:

[1] Except that folders can now contain sub folders and messages.

Re: [Dovecot] Automatically subscribe to folder?

2008-01-04 Thread pod 
 NS == Nikolay Shopik [EMAIL PROTECTED] writes:

NS I forgot to add some MUA don't like be subscribed to folders which
NS doesn't exist so you should probably aware of this too in case
NS such MUA used in your environment .

While it doesn't surprise me that there may well be MUAs which don't like
subcriptions to folders that don't exist it seems to me that such MUAs are
sailing pretty close to the wind as regards RFC 3501.

The wording of sections 6.3.6 and 6.3.9 as I read it pretty heavily imply
that clients must be prepared to deal with subscribed folders that no
longer exist because a server is explicitly prevented from attempting to
'protect' a client from such a situation.

6.3.6.  SUBSCRIBE Command

[...]

  A server MAY validate the mailbox argument to SUBSCRIBE to verify
  that it exists.  However, it MUST NOT unilaterally remove an
  existing mailbox name from the subscription list even if a mailbox
  by that name no longer exists.

   Note: This requirement is because a server site can
   choose to routinely remove a mailbox with a well-known
   name (e.g., system-alerts) after its contents expire,
   with the intention of recreating it when new contents
   are appropriate.

[...]

6.3.9.  LSUB Command

[...]

  The server MUST NOT unilaterally remove an existing mailbox name
  from the subscription list even if a mailbox by that name no
  longer exists.

Re: [Dovecot] Variable krb5 cache location

2007-12-04 Thread pod 
 TS == Timo Sirainen [EMAIL PROTECTED] writes:

TS I'm beginning to think that maybe something more generic is
TS needed, such as:

TS auth default {
TS   ..
TS   environment {
TS krb5_ktname = ..
TS krb5ccname = ...
TS who_knows_what_else_in_future = ..
TS   }
TS }

TS I think LDAP library also can accept settings from environment.

TS Anyone on mailing list have better ideas?

I'm certainly not going to claim this is a better idea.

Instead of explicitly setting the environment vars from dovecot.conf how
about instead have a mechanism for listing those vars that are acceptable
to pass through from the invoking environment.

Re: [Dovecot] dovecot.index mtime

2007-11-13 Thread pod 
 M == Matt  [EMAIL PROTECTED] writes:

M What if the script only touched the dovecot.index if it exists?
M That would likely not be too difficult to test for with shell
M script.

Might be tricky to do in shell without a race.  On the other hand maybe a
race in this case is not significant.  On the other hand it's possible
that a running user imap process uses timestamps on the index file to
determine whether it needs to update its idea of the content and
gratuitously changing it on connect may cause already running processes to
do more work that strictly necessary.  Haven't looked at the actual code
to asses the credibility of this though.

On the other hand I've run out of hands now :)

Re: [Dovecot] dovecot.index mtime

2007-11-12 Thread pod 
 BH == Benjamin R Haskell [EMAIL PROTECTED] writes:

  Can I just touch the dovecot.index instead?

BH Maybe. Not sure what environment variable holds its location,
BH though. And I'm not 100% sure it always exists or whether you'd
BH have to special-case the first-time login. (Will 'touch' creating
BH a zero-length index cause trouble for dovecot? I suspect not.)

Also be aware that the script is not being run with the uid of the user -
it is /usr/libexec/dovecot/imap that drops privs - so touching the index
file if it does not already exist may cause problems later when the user
process wants to update the index file.

If you have sessreg from the X11 distribution you could also try:

#!/bin/sh
if test -z $DUMP_CAPABILITY; then
  /usr/bin/sessreg -a -L /var/log/lastlog -u none -w none -l imap -h $IP 
$USER
fi
exec /usr/libexec/dovecot/imap

to put an entry into /var/log/lastlog (though note you need two scripts
for both IMAP and POP logins).

 Also, I am bit confused.  Why must the script exec imap?

It doesn't _have_ to.  It's a micro-optimisation.  If the script did not
exec the user imap process then a /bin/sh process would be sitting around
waiting for the user imap process to exit and when it did then the /bin/sh
process would itself just exit.

Re: [Dovecot] global sieve script

2007-10-08 Thread pod 
 LS == Lars Stavholm [EMAIL PROTECTED] writes:

LS For example:

LS /etc/dovecot/dovecot.conf:
LS ...
LS protocol lda {
LS   ...
LS   sieve_global_path = /etc/dovecot/sieve/
LS   ...
LS }

LS /etc/dovecot/global:
LS if header :contains X-Spam-Flag YES {
LS   fileinto Spam;
LS   stop;
LS }

LS ...or something similar.

Definitely take the something similar option since the above likely
won't work.

sieve_global_path should point to a _file_ containing a sieve script and
both the script _and_ the byte-compiled version (same name with 'c'
appended) should exist and the compiled output file should have an mtime
later than the source.  If the cmusieve plugin can't find the compiled
version (or the mtime of the source is later than the mtime of the
compiled version) it will attempt to write it out a compiled version and
filesystem permissions really ought to prevent that.

So

/etc/dovecot/dovecot.conf:
...
protocol lda {
  ...
  sieve_global_path = /etc/dovecot/global.sieve
  ...
}

/etc/dovecot/global.sieve:
if header :contains X-Spam-Flag YES {
  fileinto Spam;
  stop;
}

AND remember to byte-compile the script

/usr/libexec/dovecot/sievec /etc/dovecot/global.sieve /etc/dovecot/global.sievec

[Dovecot] potential maildir folder rename bug

2007-10-01 Thread pod 
Admittedly not a common situation but:

MAIL=maildir:~/tmp/dovecot/Maildir ./src/imap/imap 
* PREAUTH [CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND 
UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS] Logged in as pod
01 LIST  *
* LIST (\HasNoChildren) . INBOX
01 OK List completed.
02 CREATE a
02 OK Create completed.
03 LIST  *
* LIST (\HasNoChildren) . a
* LIST (\HasNoChildren) . INBOX
03 OK List completed.
04 RENAME a a.b
04 OK Rename completed.
05 LIST  *
* LIST (\HasNoChildren) . a.b.b
* LIST (\HasNoChildren) . INBOX
05 OK List completed.

I was expecting to wind up with two folders INBOX and a.b.  Instead I
got INBOX and a.b.b.

I think the problem is that .a gets renamed in the filesystem to .a.b
before src/lib-storage/index/maildir/maildir-storage.c rename_subfolders()
is called, which then finds .a.b, assumes b was a subfolder of a so
renames it.

The following may or may not be an appropriate fix.  It certainly feels
rather ad hoc and I've not thought too deeply about other circumstances
where this code is called.  I'd certainly appreciate a second opinion.

diff -r 8d6433652a33 src/lib-storage/index/maildir/maildir-storage.c
--- a/src/lib-storage/index/maildir/maildir-storage.c   Sun Sep 30 18:03:17 
2007 +0300
+++ b/src/lib-storage/index/maildir/maildir-storage.c   Mon Oct 01 20:13:27 
2007 +0100
@@ -937,6 +937,10 @@ static int rename_subfolders(struct inde
t_push();
 
old_listname = t_strconcat(oldname, names[i], NULL);
+   if (strcmp(old_listname, newname) == 0) {
+   t_pop();
+   continue;
+   }
new_listname = t_strconcat(newname, names[i], NULL);
oldpath = maildir_get_path(storage, old_listname);
newpath = maildir_get_path(storage, new_listname);

Re: [Dovecot] deliver w/quotas - MDN after accept mail?

2007-09-25 Thread pod 
 KA == Ken A [EMAIL PROTECTED] writes:

KA Tried with -e, but sendmail says EX_NOPERM is a permanent error,
KA and issues it's own DSN immediately. dsn=5.0.0, stat=Insufficient
KA permission. :-(

Not unexpected.  I assumed (but neglected to express the assumption :) one
could configure sendmail to consider the EX_NOPERM a temporary failure if
one wanted that sort of behaviour.  Not great I admit.

Re: [Dovecot] Dovecot + Sieve

2007-09-06 Thread pod 
 DM == Daniel L Miller [EMAIL PROTECTED] writes:

DM I did make a discovery - hardcoding the sieve path, without
DM variables, e.g. sieve = /var/mail/amfes.com/dmiller/sieve -
DM worked!

DM Is there a problem using the domain / user variables in the
DM configuration file?

get_sieve_path() from cmusieve-plugin.c doesn't do % expansions.  The
result of get_sieve_path() names a file that gets processed.

Here's what it does:

  - look at sieve var
- if it is set but empty no sieve processing will occur at all
  (i.e. sieve_global_path, see below, will _not_ be considered)
- if it doesn't begin with a '/' prepend $HOME/
- if it is not set then use ~/.dovecot.sieve (which is equivalent to
  $HOME/.dovecot.sieve in this case)

If the file found above doesn't exist (strictly speaking if stat(2)
returns a negative result) use sieve_global_path.  If that is not set, for
backwards compatibilty, use global_script_path.  Note that whatever gets
returned by get_sieve_path() is expected to name a _file_ containing
sieve statements.

Re: [Dovecot] maildir rename_subfolders() and listescape interaction

2007-09-03 Thread pod 
 pod == pod  [EMAIL PROTECTED] writes:

pod I'd like to flag a problem we are observing that looks like it is
pod caused by the listescape-plugin.c.  I realize that this plugin is
pod not part of the standard Dovecot 1.0 distribution but I would
pod appreciate any insights or suggestions for fixes that anyone is
pod kind enough to offer.
[...]

Update: my original analysis of this was incorrect.  The 'internal'
functions are correctly using 'internal' names, however
maildir_mailbox_list_next() references storage-hierarchy_sep to obtain a
char with which to join together path elements.  Under listescape however
storage-hierarchy_sep == '/' so non-existent pathnames are generated.

I've come up with the following workaround but I can't help feeling it is
maybe a little fragile.

Timo: please consider applying this to

http://dovecot.org/patches/1.0/listescape-plugin.c
diff -r 70cc4b8884ef src/plugins/listescape/listescape-plugin.c
--- a/src/plugins/listescape/listescape-plugin.cTue Jul 31 19:42:03 
2007 +0100
+++ b/src/plugins/listescape/listescape-plugin.cFri Aug 31 19:21:05 
2007 +0100
@@ -160,10 +160,16 @@ listescape_mailbox_rename(struct mail_st
 {
struct listescape_mail_storage *mstorage =
LIST_ESCAPE_CONTEXT(storage);
+   char saved_hierarchy_sep;
+   int ret;
 
oldname = list_escape(oldname);
newname = list_escape(newname);
-   return mstorage-super.mailbox_rename(storage, oldname, newname);
+   saved_hierarchy_sep = storage-hierarchy_sep;
+   storage-hierarchy_sep = REAL_SEP;
+   ret = mstorage-super.mailbox_rename(storage, oldname, newname);
+   storage-hierarchy_sep = saved_hierarchy_sep;
+   return ret;
 }
 
 static int listescape_set_subscribed(struct mail_storage *storage,

[Dovecot] maildir rename_subfolders() and listescape interaction

2007-08-30 Thread pod 
I'd like to flag a problem we are observing that looks like it is caused
by the listescape-plugin.c.  I realize that this plugin is not part of the
standard Dovecot 1.0 distribution but I would appreciate any insights or
suggestions for fixes that anyone is kind enough to offer.

The problem concerns subfolder renames when used in conjunction with
Maildir folders (I've not tested this against any other folder type).

Without listescape plugin:

mail_location: maildir:%h/Maildir:INDEX=%h/index:CONTROL=%h/control
mail_plugins(default): quota imap_quota
mail_plugins(imap): quota imap_quota
namespace:
  type: private
  separator: /
  inbox: yes

01 LIST  *
* LIST (\HasNoChildren) / INBOX
01 OK List completed.
02 CREATE a
02 OK Create completed.
03 CREATE a/b
03 OK Create completed.
04 LIST  *
* LIST (\HasChildren) / a
* LIST (\HasNoChildren) / INBOX
* LIST (\HasNoChildren) / a/b
04 OK List completed.
05 RENAME a c
05 OK Rename completed.
06 LIST  *
* LIST (\HasChildren) / c
* LIST (\HasNoChildren) / INBOX
* LIST (\HasNoChildren) / c/b
06 OK List completed.
07 LOGOUT
* BYE Logging out
07 OK Logout completed.

With listescape plugin:

mail_location: maildir:%h/Maildir:INDEX=%h/index:CONTROL=%h/control
mail_plugins(default): quota imap_quota listescape
mail_plugins(imap): quota imap_quota listescape
namespace:
  type: private
  separator: /
  inbox: yes

01 LIST  *
* LIST (\HasNoChildren) / INBOX
01 OK List completed.
02 CREATE a
02 OK Create completed.
03 CREATE a/b
03 OK Create completed.
04 LIST  *
* LIST (\HasChildren) / a
* LIST (\HasNoChildren) / INBOX
* LIST (\HasNoChildren) / a/b
04 OK List completed.
05 RENAME a c
05 NO Internal error occurred. Refer to server log for more information. 
[2007-08-30 19:33:41]
06 LIST  *
* LIST (\HasNoChildren) / a/b
* LIST (\HasNoChildren) / c
* LIST (\HasNoChildren) / INBOX
06 OK List completed.
07 LOGOUT
* BYE Logging out
07 OK Logout completed.

Seemingly the only relevant log entry is

@400046d70d8f1f72b66c dovecot: Error: IMAP(pod): 
rename(/srv/mail/home/test0/pod/Maildir/.a/b, 
/srv/mail/home/test0/pod/Maildir/.c/b) failed: No such file or directory

Note the response to tag 05 in each case.  The 06 list response in the
listescape case is not unexpected given the nature of the failure.

My initial reading of rename_subfolders() from maildir-storage.c suggests
that the calls through maildir_mailbox_list_init() and
maildir_mailbox_list_next() are returning external style names
(i.e. ones that present / as the hierarchy separator) to
rename_subfolders(), which is an internal helper function.  This is
supported by the logged error message.

I am afraid I am yet to get my head around the actual code path and the
escaping and unescaping that is going on so am not able to suggest a fix
as yet.

Re: [Dovecot] deliver copies ^From header lines when delivering to Maildir

2007-08-14 Thread pod 
 TS == Timo Sirainen [EMAIL PROTECTED] writes:

TS Well, doing it only if it's the first header would make it better.

Sure, I considered that.  I note though that the save_header_callback()
from mbox-save.c also does not make this distinction and will strip a
^From  anywhere in the headers so I am going to claim I followed suit on
grounds of consistency :-)

[Dovecot] logging dovecot-sieve vacation responses

2007-08-13 Thread pod 
I attach a patch that adds some informational logging for the vacation
outcome in a similar style as the 'notify', 'redirect' and 'reject' cases.

I considered adding logging for the not-willing-to-respond case since I
think that would greatly assist testing/debugging vacation responses, but
couldn't see where to put it that wasn't in the CMU code.
# HG changeset patch
# User [EMAIL PROTECTED]
# Date 1187020492 -3600
# Node ID 88b201d37835eb841fba76b9e918857f7236eafa
# Parent  5132f4b25eb08437f22ce2458bfa6b1e4d27ae9c
informational logging of vacation response outcome

diff -r 5132f4b25eb0 -r 88b201d37835 src/sieve-cmu.c
--- a/src/sieve-cmu.c   Tue Aug 07 20:24:57 2007 +0100
+++ b/src/sieve-cmu.c   Mon Aug 13 16:54:52 2007 +0100
@@ -346,23 +346,25 @@ static int autorespond(void *ac,
 static int autorespond(void *ac, 
   void *ic __attr_unused__,
   void *sc,
-  void *mc __attr_unused__,
+  void *mc,
   const char **errmsg __attr_unused__)
 {
 sieve_autorespond_context_t *arc = (sieve_autorespond_context_t *) ac;
 script_data_t *sd = (script_data_t *) sc;
-int ret;
+sieve_msgdata_t *md = mc;
 
 /* ok, let's see if we've responded before */
-ret = duplicate_check(arc-hash, arc-len,  sd-username) ?
-   SIEVE_DONE : SIEVE_OK;
-
-if (ret == SIEVE_OK) {
-   duplicate_mark(arc-hash, arc-len, sd-username,
-  ioloop_time + arc-days * (24 * 60 * 60));
-}
-
-return ret;
+if (duplicate_check(arc-hash, arc-len,  sd-username)) {
+   i_info(msgid=%s: discarded duplicate vacation response to %s,
+  md-id == NULL ?  : str_sanitize(md-id, 80),
+  str_sanitize(md-return_path, 80));
+   return SIEVE_DONE;
+}
+
+duplicate_mark(arc-hash, arc-len, sd-username,
+   ioloop_time + arc-days * (24 * 60 * 60));
+
+return SIEVE_OK;
 }
 
 static int send_response(void *ac, 
@@ -409,6 +411,9 @@ static int send_response(void *ac,
 if (smtp_client_close(smtp_client) == 0) {
 duplicate_mark(outmsgid, strlen(outmsgid),
sdata-username, ioloop_time + DUPLICATE_DEFAULT_KEEP);
+   i_info(msgid=%s: sent vacation response to %s,
+  md-id == NULL ?  : str_sanitize(md-id, 80),
+  str_sanitize(md-return_path, 80));
return SIEVE_OK;
 } else {
*errmsg = Error sending mail;

Re: [Dovecot] Maildir Skeleton

2007-08-08 Thread pod 
 SG == Sebastian Ganschow [EMAIL PROTECTED] writes:

SG Even if I set global_script_dir = /var/vmail dovecot won't use
SG the global filter.

shell$ cd dovecot-sieve-1.0.2
shell$ find . -type f -name \*.[ch] -print0 | xargs -0 grep -i -e global_script
./src/cmusieve-plugin.c:script_path = 
getenv(GLOBAL_SCRIPT_PATH);

shell$ 

Have you tried

  global_script_path = /var/vmail/script.sieve

Note that the var name is _path not _dir, and the value should be a script
file not a directory.

I'm just jumping in here mid-thread so apologies if I'm misunderstanding
the nature of your problem.

[Dovecot] dovecot-sieve vacation changes

2007-08-07 Thread pod 
I'd like to put forward the following patch for dovecot-sieve.

Essentially this just merges in some changes made in CMU sieve 2.3.8 and
as such brings the behaviour more in line with RFC 3834 Recommendations
for Automatic Responses to Electronic Mail:

 - fixes erroneous sender -request substring match

 - checks for existence of a selection of list-* headers

 - expands named-as-recipient header checks to Resent-To, Resent-CC
   and Resent-BCC fields.  Note that the appended patch also includes a
   fix for some missing parentheses in the resent-to test which resulted
   in some extra work being done but was otherwise harmless.  The fix has
   been sent to [EMAIL PROTECTED]

 - prefixes subject in response with Auto:  rather than (non-expanding)
   Re: 

I also, mostly for kicks, attach two sieve-like scripts that attempt to
encapsulate the when-not-to-respond logic as implemented (if the patch
were to be applied) and as advised by RFC 3834 respectively.  I wrote
these as an exercise to help me gain a better understanding of sieve and
the CMU implementation.  I'm not sure they are otherwise useful.
#
# An attempt to render, as SIEVE, the actions of shouldRespond() from CMU
# sieve/bc_eval.c as distributed with cyrus-imapd 2.3.8
#
# This is not valid SIEVE; The following expansions must first be
# performed:
#
#  - %myaddrs%  list of valid recipient addresses
#  - %envrcpt%  the actual envelope recipient
#
# Example:
#
#  sed -e 's/%myaddrs%/[[EMAIL PROTECTED], [EMAIL PROTECTED]]/' \
#  -e 's/%envrcpt%/[EMAIL PROTECTED]/'  vacation.sieve.in
#
require [envelope];

if anyof ( exists list-id,
   exists list-help,
   exists list-subscribe,
   exists list-unsubscribe,
   exists list-post,
   exists list-owner,
   exists list-archive,

   # XXX bc_eval.c also skips leading whitespace
   not header :is auto-submitted no,

   # XXX bc_eval.c also skips leading whitespace
   header :is precedence [junk, bulk, list],

   # XXX does this really catch null sender?
   envelope :all :is from ,

   # envelope sender equals envelope recipient; redundant if we assume
   # %envrcpt% is an element in %myaddrs%
   envelope :all :is from %envrcpt%,
   envelope :all :is from %myaddrs%,

   envelope :localpart :is from [mailer-daemon,
   listserv,
   majordomo],
   envelope :comparator i;octet
:localpart :matches from [*-request,
owner-*],
   not address :all :is [to,
 cc,
 bcc,
 resent-to,
 resent-cc,
 resent-bcc] %myaddrs%
) {
  discard;
}
#
# An attempt to render, as SIEVE, the advice from RFC 3834 section 2 When
# (not) to send automatic responses.  Assumes we are a Personal
# Responder.
#
# This is not valid SIEVE; The following expansions must first be
# performed:
#
#  - %myaddrs%list of valid recipient addresses
#  - %untrusted%  list of untrusted envelope senders
#
# Example:
#
#  sed -e 's/%myaddrs%/[[EMAIL PROTECTED], [EMAIL PROTECTED]]/' \
#  -e 's/%untrusted%/[[EMAIL PROTECTED]]/'  rfc3834.sieve.in
#
require [envelope];

if anyof ( # Fails to account for syntax defined in section 5.1
   # SHOULD NOT
   not header :is auto-submitted no, 
   
   # SHOULD NOT
   not address :all :is [to,
 cc,
 bcc,
 resent-to,
 resent-cc,
 resent-bcc] %myaddrs%,

   # MAY
   envelope :all :is from %untrusted%,

   # XXX Not clear if this correctly expresses a null sender
   # MUST NOT
   envelope :all :is from ,

   # Strictly speaking localparts are case-sensitive hence the
   # use of :comparator.  In reality the default i;ascii-casemap
   # comparator almost certainly make more sense.
   # MAY
   envelope :comparator i;octet
:localpart :is from [MAILER-DAEMON],
   envelope :comparator i;octet
:localpart :matches from [*-request,
owner-*],

   # XXX no such recommendation is actually made
   # MAY
   header :is precedence list,

   # Mentions List-* and references RFC2369.  Not possible to
   # express list-* as a header match in sieve.  Instead just
   # enumerate the RFC2369 and RFC2919 (List-ID) defined headers.
   # MAY
   exists list-help,
   exists list-unsubscribe,
   exists list-subscribe,
   exists

Re: [Dovecot] Allowing tilde at start of mailbox names

2007-07-25 Thread pod 
 TS == Timo Sirainen [EMAIL PROTECTED] writes:

TS It's mostly there just to make sure that ~/ or ~user/ can't be
TS used to open mailboxes where you weren't supposed to have access
TS to. I didn't think anyone would really want to have mailboxes
TS beginning with ~. Do you really want them? (I don't think they
TS were possible with UW-IMAP either?)

Unfortunately yes it would be useful in my case to have them because of
historical accident.  UW-IMAP does in fact allow it but maybe only if one
is using particular build-time options such as blackBoxDir; I forget the
precise details.  Suffice to say at some point users were erroneously told
to configure clients with '~/mail' as a prefix and this in combination
with the particular UW-IMAP build options means we have users with folder
hierarchies beginning ~/mail ('~' uninterpreted).  I don't think I can
work around this with a hidden namespace since a client subsequently
configured not to use a prefix will be used to seeing folders under
~/mail ('~' uninterpreted).  I'm (increasingly forlornly it seems)
attempting to migrate with no user visible change.

 Why is it not possible to have mailbox names that begin with '~'
 but without '~' carrying any special meaning?

TS That's what the code does if you don't have
TS mail_full_filesystem_access=yes, but I thought I'd prevent this in
TS no case just in case of a bug somewhere, possibly even outside of
TS Dovecot itself.

I appreciate your reasoning regarding bugs elsewhere.  I was, however,
hoping to introduce a mode of behaviour that would allow me to accept the
risk.  I'm not using virtual users; every login runs under its own uid so
I still have filesystem permissions as a reasonable fall back.

TS There are too many settings
TS already. mail_full_filesystem_access=no should be enough for this.

I completely understand why you want to keep the number of setting down.
My motivation for introducing a new setting was a vain hope that allowing
uninterpreted (*name == '~') behaviour could go into the 1.0 codebase but
without also changing the meaning of mail_full_filesystem_access=no in
existing deployments.

Re: [Dovecot] Allowing tilde at start of mailbox names

2007-07-25 Thread pod 
 TS == Timo Sirainen [EMAIL PROTECTED] writes:

TS How about if listescape plugin escaped it? That would make it
TS possible to use them but still safe against accidental problems.

Yes, I think that would work fine at least for my particular purposes
since we'll almost certainly be running with the listescape plugin anyway.

TS For others too, I implemented a plugin for escaping mailbox names
TS with Maildir so that it's possible to use '.' in mailbox names:
TS http://dovecot.org/patches/1.0/listescape-plugin.c

Not one to blow your own trumpet are you!  For further explanation for the
benefit of the list: I recently contacted Timo privately asking if he
would consider us funding him to implement a modified maildir layout for
us.  A few hours later he responded with listescape-plugin.c.  What an
absolute star.

Re: [Dovecot] Dovecot 1.0.0 and Seive 1.0.1 on FreeBSD

2007-04-20 Thread pod 
 ed == Ed Lucero [EMAIL PROTECTED] writes:

ed It creates two binaries sievec and sieved. [...]

- sievec is a standalone bytecode compiler
- sieved is a standalone bytecode de-compiler

You can use them to verify that .dovecot.sieve and .dovecot.sievec are
being updated correctly by the cmusieve plugin.  The dovecot-sieve tarball
bundles CMU libsieve, from which they originate, and they get installed
'for free'.