Re: virtual isp address, local delivery

[Aki Tuomi]

On 07.06.2017 01:18, Hugh Bragg wrote:
> I'm trying to understand how to deliver mail to an address locally
> which is popped from my isps email account.
>
> I access and keep these emails backed up on dovecot and use postfix
> smtp to deliver mail.
>
> The problem is that while fetchmail uses dovecot lda directly, postfix
> can't include my isps domain in its $mydestination because I won't be
> able to send mail to other users in that domain.
>
> I want to be able to send mail to other users I'm popping for in that
> domain, or even send myself mail.
>
> Currently postfix just relays the mail to the isp and it returns
> through fetchmail, but I'd like to have it delivered locally and still
> be able to email my isp users that I don't pop.
>
> As far as I can tell, this can't be done because virtual users have to
> be in postfix $mydestination.
>
> Does someone have a better setup they can share or know how to do this?
>
>
> Hugh

Perhaps you should list it as virtual_mailbox_domain then?
http://www.postfix.org/VIRTUAL_README.html#virtual_mailbox

Aki

Re: v2.2.30.1 released

[Olaf Hopp]

On 06/06/2017 01:14 PM, Aki Tuomi wrote:



On 06.06.2017 14:11, Olaf Hopp wrote:

On 06/05/2017 11:05 AM, Angel L. Mateo wrote:

  I have updated my dovecot proxy servers from 2.2.28 to 2.2.30.
Since the upgrade I'm having the error:

Jun  5 10:54:51 musio12 dovecot: auth: Fatal: master: service(auth):
child 63632 killed with signal 11 (core not dumped)





Me too, with

# 2.2.30.1 (eebd877): /opt/dovecot/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.18 (29cc74d)
# OS: Linux 2.6.32-696.3.1.el6.x86_64 x86_64 CentOS release 6.9 (Final)

OS ist up2date.
Please fix this ASAP.

Olaf


Hi!

We have identified a bug in auth process, and are working with a fix.

Aki



Great. Working clean with 2.2.30.2
Thanks, Olaf

--
Karlsruher Institut für Technologie (KIT)
ATIS - Abt. Technische Infrastruktur, Fakultät für Informatik

Dipl.-Geophys. Olaf Hopp
- Leitung IT-Dienste -

Am Fasanengarten 5, Gebäude 50.34, Raum 009
76131 Karlsruhe
Telefon: +49 721 608-43973
Fax: +49 721 608-46699
E-Mail: olaf.h...@kit.edu
atis.informatik.kit.edu

www.kit.edu

KIT – Die Forschungsuniversität in der Helmholtz-Gemeinschaft

Das KIT ist seit 2010 als familiengerechte Hochschule zertifiziert.




smime.p7s
Description: S/MIME Cryptographic Signature

Re: virtual isp address, local delivery

[Hugh Bragg]

On 07/06/17 15:59, Aki Tuomi wrote:


On 07.06.2017 01:18, Hugh Bragg wrote:

I'm trying to understand how to deliver mail to an address locally
which is popped from my isps email account.

I access and keep these emails backed up on dovecot and use postfix
smtp to deliver mail.

The problem is that while fetchmail uses dovecot lda directly, postfix
can't include my isps domain in its $mydestination because I won't be
able to send mail to other users in that domain.

I want to be able to send mail to other users I'm popping for in that
domain, or even send myself mail.

Currently postfix just relays the mail to the isp and it returns
through fetchmail, but I'd like to have it delivered locally and still
be able to email my isp users that I don't pop.

As far as I can tell, this can't be done because virtual users have to
be in postfix $mydestination.

Does someone have a better setup they can share or know how to do this?


Hugh

Perhaps you should list it as virtual_mailbox_domain then?
http://www.postfix.org/VIRTUAL_README.html#virtual_mailbox

Aki


Thanks,

But I think if I use that then mails I send to anyone else in my isps 
domain will be rejected.

I want those mails to go to the default relayhost, which belongs to my isp.
Just for clarity, If an address is not in $mydestination or 
$virtual_mailbox_domains, I'm trying to get postfix to lookup the user 
and if it finds it then it uses dovecot lda, otherwise it uses relayhost.
I've signed up to the postfix mailing list so I'll see if they can field 
this one there.


Hugh

Re: 2nd try: Thunderbird "Empty Trash" causes inconsistent IMAP session state?

[awl1]

Sorry, just one more thing I've just noticed now from looking at the 
IMAP session IDs:


Dovecot seems to map the steps as outlined below to four different IMAP 
session IDs all related to the exact same Thunderbird client instance:


 *  session for the folder copy of folder "Dilbert"
   with 317 messages
 *  session for the deletion of folder "Dilbert" into
   Trash
 *  session from which the empty Trash seems to be
   run and which ends up in "inconsistent state"
 *  another session seemingly accessing the Trash
   folder for which I am unable to determine its exact purpose

Maybe the issue is that the fourth session should not even exist or at 
least has a race condition with the third one?


Thanks again & best regards
Andreas


Am 07.06.2017 um 22:19 schrieb awl1:

Hello Aki,

please find attached the debug log from another incident, this time 
with IMAP session ID () in the logs and with 
"mail_debug=yes" in dovecot.conf.


I can consistently reproduce the "inconsistent state" error message by 
the following steps from the most recent Thunderbird version (52.1.1, 
on 64-bit Linux Ubuntu 16.04.02 LTS):


 * copy a folder (in the sample log: named "Dilbert") with several mail
   messages from my mail provider remote IMAP account into my local
   Dovecot archive account
 * delete this folder from the Dovecot archive account into the Trash
   folder
 * empty the Trash folder from Thunderbird
 * immediately, the message about "inconsistent IMAP session state"
   appears in the dovecot-info.log

In case the log even with mail_debug=yes again is no real help (which 
I fear to be the case, as to me, the log looks very similar to the 
previous log), would you be able to insert some additional debug log 
statements into Dovecot code at some appropriate places, and let me 
try again with such an additional debug version?


Many thanks & best regards
Andreas


Am 07.06.2017 um 07:57 schrieb Aki Tuomi:
That log didn't do much help, can you try enabling mail_debug=yes for 
a moment and see if it gives any more insight? Aki On 05.06.2017 
15:13, awl1 wrote:

Hello again,

here you are (log excerpt from May 29 00:06:02 until May 29 01:17:49):

May 29 00:12:05 imap(x...@xxx.org): Info: IMAP session state is
inconsistent, please relogin. in=1369 out=222662
May 29 00:12:05 imap(x...@xxx.org): Info: IMAP session state is
inconsistent, please relogin. in=204 out=1504
May 29 00:40:29 imap(x...@xxx.org): Info: IMAP session state is
inconsistent, please relogin. in=1213 out=6414
May 29 00:40:30 imap(x...@xxx.org): Info: IMAP session state is
inconsistent, please relogin. in=227 out=1430


I'd still be interested anyway in what I'd have t do in order to add
the session ID to my future log files. Is this documented anywhere?

https://wiki.dovecot.org/Variables does not help enough with regards
to how to apply it to logfile settings in dovecot.conf... :-(


Thanks again & best regards
Andreas


Am 05.06.2017 um 13:50 schrieb Aki Tuomi:

Yes, that would help too.

Aki


On 05.06.2017 14:35, awl1 wrote:

Hello Aki,

sorry, but I am still a newbie to Dovecot:

Hmm - I don't seem to have IMAP session IDs in every line of my
dovecot-info.log. that could be used to extract IMAP session-related
info.

I assume that I have to set up logging in a specific way to add and
then find the IMAP session ID in my logs. Could you please point 
me to

the docs about how to configure this for the future?

What I can offer now from my old logs is to provide log file excerpts
from some minutes/seconds before the "Empty Trash" action caused the
"inconsistent IMPA state" message until shortly after - would that
help as well!?

Best regards & apologies
Andreas


Am 05.06.2017 um 13:13 schrieb Aki Tuomi:

Can you provide full logs for the imap session? Basically you can do
grep session-id logfile.

Aki

lmtp: Error: Temp file creation to /tmp/ ... failed: No such file or directory on incoming mails with attachments

[Lars-Sören Steck]

Dear list,

I'm currently facing problems when receiving eMails with attachments, at
least sometimes.

My mailserver is set up with the tool 'Mailcow', and hence is based on
Dovecot (2.2.22 (fe789d2)) and Postfix.

Usually, there are no problems with receiving mails. If a mail has an
attachment, however, it is possible that the following error occurs
(extract from /var/log/mail.log):

'Jun  7 12:50:28 mail postfix/lmtp[26827]: 564E68A0515:
to=, relay=my.mail.server[private/dovecot-lmtp],
delay=0.71, delays=0.67/0.01/0.01/0.02, dsn=4.3.0, status=deferred (host
my.mail.server[private/dovecot-lmtp] said: 451 4.3.0 Temporary internal
failure (in reply to end of DATA command))'

Extract from /var/log/mail.err:

'Jun  7 12:50:28 mail dovecot: lmtp(26828): Error: Temp file creation to
/tmp/dovecot.lmtp.mail.26828. failed: No such file or directory'


Once this happened the first time after dovecot is running, it will
happen for all incoming mails with attachments. This can be solved
temporarily by restarting the dovecot service and running postqueue -f,
but that obviously does not solve the underlying problem.

In this post to this list, it is stated that dovecot sometimes creates
temp files to avoid 'excessive memory usage'. I'm guessing that this is
the case here, also the error message is similiar:

https://dovecot.org/list/dovecot/2016-June/104722.html


Should I simply change the configuration variable mail_temp_dir to solve
this? Why is dovecot not able to find the /tmp folder? In the list
thread, it is stated that this is caused by dovecot running with enabled
chrooting. As far as I understand it though (correct me if I'm wrong),
chrooting is not enabled in my dovecot configuration.

Please find attached the output of 'dovecot -n':

# 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.13 (7b14904)
# OS: Linux 4.4.0-78-generic x86_64 Ubuntu 16.04.2 LTS
auth_mechanisms = plain login
dict {
  sqlquota = mysql:/etc/dovecot/dovecot-dict-sql.conf
}
listen = *
log_timestamp = "%Y-%m-%d %H:%M:%S "
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k
mail_home = /var/vmail/%d/%n
mail_location = maildir:~/
mail_max_userip_connections = 500
mail_plugins = quota acl fts fts_solr
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace {
  list = yes
  location = maildir:%%h/:INDEXPVT=~/Shared/%%u
  prefix = Shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location =
  mailbox Archiv {
special_use = \Archive
  }
  mailbox Archive {
auto = subscribe
special_use = \Archive
  }
  mailbox Archives {
special_use = \Archive
  }
  mailbox "Deleted Messages" {
special_use = \Trash
  }
  mailbox Drafts {
auto = subscribe
special_use = \Drafts
  }
  mailbox Entwürfe {
special_use = \Drafts
  }
  mailbox "Gelöschte Objekte" {
special_use = \Trash
  }
  mailbox Gesendet {
special_use = \Sent
  }
  mailbox "Gesendete Objekte" {
special_use = \Sent
  }
  mailbox Junk {
auto = subscribe
special_use = \Junk
  }
  mailbox Papierkorb {
special_use = \Trash
  }
  mailbox Sent {
auto = subscribe
special_use = \Sent
  }
  mailbox "Sent Messages" {
special_use = \Sent
  }
  mailbox Trash {
auto = subscribe
special_use = \Trash
  }
  prefix =
  separator = /
}
passdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
plugin {
  acl = vfile
  acl_anyone = allow
  acl_shared_dict = file:/var/vmail/shared-mailboxes.db
  fts = solr
  fts_autoindex = yes
  fts_solr = url=http://127.0.0.1:8983/solr/
  quota = dict:Userquota::proxy::sqlquota
  quota_rule2 = Trash:storage=+100%%
  sieve = /var/vmail/sieve/%u.sieve
  sieve_after = /var/vmail/sieve/global.sieve
  sieve_max_script_size = 1M
  sieve_quota_max_scripts = 0
  sieve_quota_max_storage = 0
}
protocols = imap sieve lmtp pop3
service auth {
  unix_listener /var/spool/postfix/private/auth_dovecot {
group = postfix
mode = 0660
user = postfix
  }
  unix_listener auth-master {
mode = 0600
user = vmail
  }
  unix_listener auth-userdb {
mode = 0600
user = vmail
  }
  user = root
}
service dict {
  unix_listener dict {
group = vmail
mode = 0660
user = vmail
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
  }
  user = vmail
}
service managesieve-login {
  inet_listener sieve {
port = 4190
  }
  process_min_avail = 2
  service_count = 1
  vsz_limit = 128 M
}
service managesieve {
  process_limit = 256
}
ssl_cert = 

Re: virtual isp address, local delivery

[Hugh Bragg]

On 07/06/17 15:59, Aki Tuomi wrote:

On 07.06.2017 01:18, Hugh Bragg wrote:

I'm trying to understand how to deliver mail to an address locally
which is popped from my isps email account.

I access and keep these emails backed up on dovecot and use postfix
smtp to deliver mail.

The problem is that while fetchmail uses dovecot lda directly, postfix
can't include my isps domain in its $mydestination because I won't be
able to send mail to other users in that domain.

I want to be able to send mail to other users I'm popping for in that
domain, or even send myself mail.

Currently postfix just relays the mail to the isp and it returns
through fetchmail, but I'd like to have it delivered locally and still
be able to email my isp users that I don't pop.

As far as I can tell, this can't be done because virtual users have to
be in postfix $mydestination.

Does someone have a better setup they can share or know how to do this?


Hugh

Perhaps you should list it as virtual_mailbox_domain then?
http://www.postfix.org/VIRTUAL_README.html#virtual_mailbox

Aki


I added
transport_maps  = 
hash 
:/etc/postfix/transport

to main.cf
added
us...@myisp.com dovecot:
to transport to use my existing dovecot pipe from master.cf
then ran
postmap /etc/postfix/transport
systemctl reload postfix
And it works like a charm.

Thanks again

Re: 2nd try: Thunderbird "Empty Trash" causes inconsistent IMAP session state?

[awl1]

Hello Aki,

please find attached the debug log from another incident, this time with 
IMAP session ID () in the logs and with 
"mail_debug=yes" in dovecot.conf.


I can consistently reproduce the "inconsistent state" error message by 
the following steps from the most recent Thunderbird version (52.1.1, on 
64-bit Linux Ubuntu 16.04.02 LTS):


 * copy a folder (in the sample log: named "Dilbert") with several mail
   messages from my mail provider remote IMAP account into my local
   Dovecot archive account
 * delete this folder from the Dovecot archive account into the Trash
   folder
 * empty the Trash folder from Thunderbird
 * immediately, the message about "inconsistent IMAP session state"
   appears in the dovecot-info.log

In case the log even with mail_debug=yes again is no real help (which I 
fear to be the case, as to me, the log looks very similar to the 
previous log), would you be able to insert some additional debug log 
statements into Dovecot code at some appropriate places, and let me try 
again with such an additional debug version?


Many thanks & best regards
Andreas


Am 07.06.2017 um 07:57 schrieb Aki Tuomi:
That log didn't do much help, can you try enabling mail_debug=yes for 
a moment and see if it gives any more insight? Aki On 05.06.2017 
15:13, awl1 wrote:

Hello again,

here you are (log excerpt from May 29 00:06:02 until May 29 01:17:49):

May 29 00:12:05 imap(x...@xxx.org): Info: IMAP session state is
inconsistent, please relogin. in=1369 out=222662
May 29 00:12:05 imap(x...@xxx.org): Info: IMAP session state is
inconsistent, please relogin. in=204 out=1504
May 29 00:40:29 imap(x...@xxx.org): Info: IMAP session state is
inconsistent, please relogin. in=1213 out=6414
May 29 00:40:30 imap(x...@xxx.org): Info: IMAP session state is
inconsistent, please relogin. in=227 out=1430


I'd still be interested anyway in what I'd have t do in order to add
the session ID to my future log files. Is this documented anywhere?

https://wiki.dovecot.org/Variables does not help enough with regards
to how to apply it to logfile settings in dovecot.conf... :-(


Thanks again & best regards
Andreas


Am 05.06.2017 um 13:50 schrieb Aki Tuomi:

Yes, that would help too.

Aki


On 05.06.2017 14:35, awl1 wrote:

Hello Aki,

sorry, but I am still a newbie to Dovecot:

Hmm - I don't seem to have IMAP session IDs in every line of my
dovecot-info.log. that could be used to extract IMAP session-related
info.

I assume that I have to set up logging in a specific way to add and
then find the IMAP session ID in my logs. Could you please point me to
the docs about how to configure this for the future?

What I can offer now from my old logs is to provide log file excerpts
from some minutes/seconds before the "Empty Trash" action caused the
"inconsistent IMPA state" message until shortly after - would that
help as well!?

Best regards & apologies
Andreas


Am 05.06.2017 um 13:13 schrieb Aki Tuomi:

Can you provide full logs for the imap session? Basically you can do
grep session-id logfile.

Aki






dovecot-info.log.tar.xz
Description: application/xz

Re: Dovecot LDAP using custom field to allow users to connect

[Martin Wheldon]

Hi Michael,

Just noticed you are using auth_bind_userdn which we don't.
I think you may need to use pass_filter rather than user_filter??

Best Regards

Martin

On 2017-06-07 10:59, Martin Wheldon wrote:

Hi Michael,

We do exactly that see example below:

user_filter =
(&(&(objectClass=ukFirmGhITPerson)(ukFirmGhITAccSubSrvcs=Email)(ukFirmGhITAccLocked=Email-FALSE))(|(uidNumber=%u)(mail=%u)(ukFirmGhITAccMailAlias=%u)))
pass_filter =
(&(&(objectClass=ukFirmGhITPerson)(ukFirmGhITAccSubSrvcs=Email)(ukFirmGhITAccLocked=Email-FALSE))(|(uidNumber=%u)(mail=%u)))

Does it work without the AllowUser section of the search?
Do you get any records back when you do a ldapsearch with your
user_filter search?

Best Regards

Martin

On 2017-06-07 09:48, Michael JOIGNY wrote:

Hi all,

I'd like to know if it's possible to add a custom field when the
authentification is made by users.

My boolean custom field will be for example "AllowUser" (false/true).

I'm trying to do something like that but it's not working :

/user_filter =
(&(objectClass=posixAccount)(uid=%u)(objectClass=myclass)(AllowUser=TRUE))/

This is my dovecot/ldap configuration below :

/*# dovecot.conf*
/
/passdb {//
//  driver = ldap//
//  args = /etc/dovecot/dovecot-ldap.conf//
//}/

*# dovecot-ldap.conf*

/hosts = myurl:myport//
//dn = cn=myuser,dc=mydomain,dc=com//
//dnpass = //
//a//uth_bind = yes//
//auth_bind_userdn = uid=%u,ou=users,dc=mydomain,dc=com//
//ldap_version = 3//
//base = ou=Users,dc=mydomain,dc=com//
//scope = base//
//default_pass_scheme = SSHA512
/
Do you have an idead ?

Kind regards.

--
Michael

Re: Dovecot LDAP using custom field to allow users to connect

[Martin Wheldon]

Hi Michael,

We do exactly that see example below:

user_filter = 
(&(&(objectClass=ukFirmGhITPerson)(ukFirmGhITAccSubSrvcs=Email)(ukFirmGhITAccLocked=Email-FALSE))(|(uidNumber=%u)(mail=%u)(ukFirmGhITAccMailAlias=%u)))
pass_filter = 
(&(&(objectClass=ukFirmGhITPerson)(ukFirmGhITAccSubSrvcs=Email)(ukFirmGhITAccLocked=Email-FALSE))(|(uidNumber=%u)(mail=%u)))


Does it work without the AllowUser section of the search?
Do you get any records back when you do a ldapsearch with your 
user_filter search?


Best Regards

Martin

On 2017-06-07 09:48, Michael JOIGNY wrote:

Hi all,

I'd like to know if it's possible to add a custom field when the
authentification is made by users.

My boolean custom field will be for example "AllowUser" (false/true).

I'm trying to do something like that but it's not working :

/user_filter =
(&(objectClass=posixAccount)(uid=%u)(objectClass=myclass)(AllowUser=TRUE))/

This is my dovecot/ldap configuration below :

/*# dovecot.conf*
/
/passdb {//
//  driver = ldap//
//  args = /etc/dovecot/dovecot-ldap.conf//
//}/

*# dovecot-ldap.conf*

/hosts = myurl:myport//
//dn = cn=myuser,dc=mydomain,dc=com//
//dnpass = //
//a//uth_bind = yes//
//auth_bind_userdn = uid=%u,ou=users,dc=mydomain,dc=com//
//ldap_version = 3//
//base = ou=Users,dc=mydomain,dc=com//
//scope = base//
//default_pass_scheme = SSHA512
/
Do you have an idead ?

Kind regards.

--
Michael

Dovecot LDAP using custom field to allow users to connect

[Michael JOIGNY]

Hi all,

I'd like to know if it's possible to add a custom field when the 
authentification is made by users.


My boolean custom field will be for example "AllowUser" (false/true).

I'm trying to do something like that but it's not working :

/user_filter = 
(&(objectClass=posixAccount)(uid=%u)(objectClass=myclass)(AllowUser=TRUE))/


This is my dovecot/ldap configuration below :

/*# dovecot.conf*
/
/passdb {//
//  driver = ldap//
//  args = /etc/dovecot/dovecot-ldap.conf//
//}/

*# dovecot-ldap.conf*

/hosts = myurl:myport//
//dn = cn=myuser,dc=mydomain,dc=com//
//dnpass = //
//a//uth_bind = yes//
//auth_bind_userdn = uid=%u,ou=users,dc=mydomain,dc=com//
//ldap_version = 3//
//base = ou=Users,dc=mydomain,dc=com//
//scope = base//
//default_pass_scheme = SSHA512
/
Do you have an idead ?

Kind regards.

--
Michael

Re: Master users

[Oscar del Rio]

On 06/ 7/17 05:55 PM, Noriyuki TAKEI wrote:

Hi,all

What version of dovecot supports master users?

Master users means as follows
https://wiki2.dovecot.org/Authentication/MasterUsers


since at least version 1.0beta (2006)

https://www.dovecot.org/doc/NEWS-1.2

v1.0.beta4 2006-04-02  Timo Sirainen 
+ Added support for "master users" who can log in as other people.
  The master username can be given either in authorization ID
  string with SASL PLAIN mechanism or by setting
  auth_master_user_separator and giving it within the normal username
  string.

Master users

[Noriyuki TAKEI]

Hi,all

What version of dovecot supports master users?

Master users means as follows
https://wiki2.dovecot.org/Authentication/MasterUsers
-- 
・‥…━━━…‥
サイオステクノロジー株式会社
技術部
クラウドソリューショングループ
武井 宜行
〒106-0047  東京都港区南麻布二丁目 12 番 3 号 サイオスビル
TEL：03-6401-5314 (直通) 03-6401-5117 (部代表)
URL：http://www.sios.com/

■SIOSの最新情報はこちらから！「いいね！」をお待ちしています■
(SIOS Technology)：http://www.facebook.com/SIOSTechnology
(OSSよろず相談室)：http://www.facebook.com/OSSyorozu

■Twitter公式アカウント■
https://twitter.com/#!/SIOS_Technology
・‥…━━━…‥

Re: Master users

[Noriyuki TAKEI]

Thanks for your quick reply!!

2017年6月8日(木) 7:28 Oscar del Rio :

>
> On 06/ 7/17 05:55 PM, Noriyuki TAKEI wrote:
> > Hi,all
> >
> > What version of dovecot supports master users?
> >
> > Master users means as follows
> > https://wiki2.dovecot.org/Authentication/MasterUsers
>
> since at least version 1.0beta (2006)
>
> https://www.dovecot.org/doc/NEWS-1.2
>
> v1.0.beta4 2006-04-02  Timo Sirainen 
> + Added support for "master users" who can log in as other people.
>The master username can be given either in authorization ID
>string with SASL PLAIN mechanism or by setting
>auth_master_user_separator and giving it within the normal username
>string.
>
-- 
・‥…━━━…‥
サイオステクノロジー株式会社
技術部
クラウドソリューショングループ
武井 宜行
〒106-0047  東京都港区南麻布二丁目 12 番 3 号 サイオスビル
TEL：03-6401-5314 (直通) 03-6401-5117 (部代表)
URL：http://www.sios.com/

■SIOSの最新情報はこちらから！「いいね！」をお待ちしています■
(SIOS Technology)：http://www.facebook.com/SIOSTechnology
(OSSよろず相談室)：http://www.facebook.com/OSSyorozu

■Twitter公式アカウント■
https://twitter.com/#!/SIOS_Technology
・‥…━━━…‥

doveadm sync SSL error when upgrading from 2.2.27 -> 2.2.29

[Pallissard, Matthew]

I'm starting to see the following error from doveadm when upgrading from 2.2.27 
to 2.2.29.   

> doveadm(ip.add.re.ss): Error: doveadm client disconnected before handshake: 
> SSL_accept() failed: error:1417A0C1:SSL 
> routines:tls_post_process_client_hello:no shared cipher

I'm using a cert/key with the following curve.
  ASN1 OID: prime256v1
  NIST CURVE: P-256

Downgrading to 2.2.27 resolves the issue.  Does anyone know about this off the 
top of their head?  If not I'll try to git-bisect 2.2.27->2.2.28 for any 
offending commits later on this week.

-- 
Matt Pallissard

doveadm ssl error when upgrading from 2.2.27 to 2.2.29

[Pallissard, Matthew]

I'm starting to see the following error when upgrading from 2.2.27 to 2.2.29.

doveadm(ip.add.re.ss): Error: doveadm client disconnected before handshake: 
SSL_accept() failed: error:1417A0C1:SSL 
routines:tls_post_process_client_hello:no shared cipher

Downgrading from 2.2.27 resolves, error still persists in 2.2.28.

I'm using openssl 1.1.0.f and an ec cert/key with the following curve.
  ASN1 OID: prime256v1
  NIST CURVE: P-256


Does anyone know anything about this off the top of their head? If not I'll try 
to git-bisect 2.2.27 -> 2.2.28 and see if I can find any offending commits 
later on this week.

-- 
Matt Pallissard

Any documentation around timeout states ?

[Matt Bryant]

Been seeing a number of proxy timouts recently with errors such as ...

timed out in state=4
timed out in state=2

Is there any doco around what state 2/4 actually means ... atm got
auth_debug on to see if we can track further information down

centos 7 x86_64
dovecot 2.2.19

rgds

Matt

Re: Which allowed services can be defined (imap, pop3, etc.)

[Malte Schmidt]

On 06/06/2017 03:18 PM, Steffen Kaiser wrote:
> (!(service=%s))
>
> or better name this attribute
>
> deniedService

Thanks, this is quite helpful already.

Regarding the other question about all the services that can be used
there, I tried to grep the source code for certain keywords but could
not really find anything useful with "service", "services" and some
service names (e. g. "imap", "smtp", "pop").


0xFF379C0C.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature

namespace and folders

[Gregory Sloop]

Using mbox format
and this namespace

namespace {
  inbox = yes
  hidden = yes
  prefix = INBOX/
}

[Though I've also tried, seemingly, a million different namespace options to 
"fix" my problem.]
It's a migrated setup from a 1.x dovecot install from Ubuntu 12.04, now on 16.04

The problem is in TBird [I haven't tested with any other mail clients] and 
IMAP; with that name-space I get all the folders both at the root level [same 
as inbox], as well as below inbox.
[The same folders, pointing at the same underlying messages.]

For example, if there's a folder "blah" and I subscribe to it, "blah" shows 
both at the same level as inbox, as well as a sub-item of inbox.
If I unsubscribe from folder "blah" it also unsubscribes from the subfolder 
"blah" under inbox, and at the root level.
[I hope that's clear enough...]

This is not a terrible problem, but it's cosmetically ugly and confusing for 
users.
I'd prefer to only see these folders as subscribed as sub-folders [or 
sub-items] under inbox.

I'd guess I'm making some stupid beginner error, but I've not been able to 
figure it out, as of yet. Any help would be greatly appreciated.

-Greg

Dovecot login is slow

[Mitocariu Emilian]

Hi,

I have an Ubuntu 16.04 server with dovecot 2.2.22 configured as an imap
server with an LDAP backend for authentication. This is the output of
"dovecot -n":
# 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.13 (7b14904)
# OS: Linux 4.4.0-77-generic x86_64 Ubuntu 16.04.2 LTS
auth_debug_passwords = yes
mail_gid = vmail
mail_location = maildir:~/
mail_privileged_group = mail
mail_uid = vmail
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox "Sent Messages" {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
protocols = imap lmtp
service auth {
  unix_listener /var/spool/postfix/private/auth {
mode = 0666
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
  }
}
ssl_cert =