Re: Recommended tool for migrating IMAP servers

2017-12-04 Thread Harondel J. Sibble
Imapsync for sure. Have used it for both IMAP to IMAP and IMAP to Exchange 
migrations. Works great.


> On Dec 3, 2017, at 2:08 PM, x9p  wrote:
> 
> Hi,
> 
> I vouch for imapsync. Have used it in the past with quite a big amount of
> emails.
> 
> cheers.
> 
> x0p
> 
>> Hi Friends,
>> I would like to ask you a suggestion:
>> I need to migrate an imap server to a new one and then dismiss the old
>> one.
>> Reading from relative Dovecot documentation page
>> (https://wiki.dovecot.org/Migration), more tools are shown:
>> 
>> UW-IMAP's mailutil, imapsync, YippieMove and Larch.
>> 
>> The each mail servers are Linux based, one of this (mine) is Dovecot.
>> Based on your experience which of these tools would be preferable to
>> use?
>> 
>> 
>> Thank you very much
>> 
>> Davide
>> 
> 
> 



Re: sieve vacation script exclude based on sender email address

2016-06-04 Thread Harondel J. Sibble
On 1 Jun 2016 at 16:49, Stephan Bosch wrote:

> > I've been looking at the sieve docs and recipes, done a lot of googling but
> > no joy so far.
> >
> > Using standard vacation script and that works great, however I want to
> > exclude certain sender email addresses from ever receiving a vacation
> > autoresponse, how do I go about adding that to my existing vacation recipe.
> >
> > I suspect my search terminology is what is causing me not to find anything
> > as I typically am using exclude and similar search terms.
> 
> Just use the envelope test:
> 
> https://tools.ietf.org/html/rfc5228#section-5.4
> 
> Regards,
> 
> Stephan.

Any recommendations for example usage, the RFC doesn't really tell me how to
use it so that the vacation script will not reply if the header test turns
out to be true.  I just want the email to be delivered without an
autoresponse at that point.


-- 
Harondel J. Sibble 
Sibble Computer Consulting Ltd.
Creating Solutions for the small and medium business computer user.
haron...@pdscc.com (use pgp keyid 0x3CC3CFCE not 0x3AD5C11D) 
http://www.pdscc.com
Blog: http://www.pdscc.com/blog
(604) 739-3709 (voice)


sieve vacation script exclude based on sender email address

2016-05-31 Thread Harondel J. Sibble
I thought I'd asked this question a few years ago but can't seem to find any
evidence of that so here goes.

I've been looking at the sieve docs and recipes, done a lot of googling but no
joy so far.

Using standard vacation script and that works great, however I want to exclude
certain sender email addresses from ever receiving a vacation autoresponse,
how do I go about adding that to my existing vacation recipe.

I suspect my search terminology is what is causing me not to find anything as
I typically am using exclude and similar search terms.
-- 
Harondel J. Sibble 
Sibble Computer Consulting Ltd.
Creating Solutions for the small and medium business computer user.
haron...@pdscc.com (use pgp keyid 0x3CC3CFCE not 0x3AD5C11D) 
http://www.pdscc.com
Blog: http://www.pdscc.com/blog
(604) 739-3709 (voice)


speaking of sieve scripts... how to selectively not send vacation autoreply

2015-04-04 Thread Harondel J. Sibble
Don't need to block anyone like in the Re: Dovecot Oy merger with
Open-Xchange AG thread, but when I have my vacation recipe active, I'd like
it to NOT reply to certain addresses.

I tried the following, you can see the section with

if header :contains "addressidontw...@repliedtoo.tld"

is commented out, once I'd added that section, no Vacation messages went out
at all.  Googling and reading the wiki and recipe suggestions doesn't make
it clear how to exempt a list of addresses from ever receiving a vacation
response.  Suggestions on additional reading or solutions?

require ["fileinto", "vacation"];
if header :comparator "i;ascii-casemap" :contains "Subject" "**SPAM**" {
    fileinto "Trash";
    stop;
}

#if header :contains "addressidontw...@repliedtoo.tld" {
#   stop;
#}

vacation
  # Reply at most once a day to a same sender
  :days 1
  :subject "Changes to email addresses effective Jan 01/15"
  # List of recipient addresses which are included in the auto replying.
  # If a mail's recipient is not on this list, no vacation reply is sent for it.
  :addresses ["u...@repliedtoo.tld"]
  # The reply text is not included in the archived post; placeholder below.
  "REPLY TEXT PLACEHOLDER";

This is on a Dovecot 1.x system that is slated for an upgrade soon.

--
Harondel J. Sibble
Sibble Computer Consulting Ltd.
Creating Solutions for the small and medium business computer user.
haron...@pdscc.com (use pgp keyid 0x3CC3CFCE not 0x3AD5C11D)
http://www.pdscc.com
Blog: http://www.pdscc.com/blog
(604) 739-3709 (voice)


Re: speaking of sieve scripts... how to selectively not send vacation autoreply

2015-04-04 Thread Harondel J. Sibble


On 4 Apr 2015 at 12:19, Stephan Bosch wrote:

> > #if header :contains "addressidontw...@repliedtoo.tld" {
> > #   stop;
> > #}
> >
> > vacation
> >   # Reply at most once a day to a same sender
>
> You should really inspect your log files or test the scripts with the
> sieve-test command line tool. There is a syntax error in the part you
> commented out:
>
> error: the header test requires 2 positional argument(s), but 1 is/are
> specified.
>
> At delivery, this means that the script is not executed at all and the
> message is just filed into INBOX.
>
> Regards,
>
> Stephan.

I wasn't even aware of the sieve-test command, that'll really come in handy, 
thanks for that tip

I believe I based my entry on the 

if header :contains "X-Spam-Level" "**" {
  discard;
  stop;
}

here and until you mentioned it, I did not realize the *'s were a second 
argument, I'd assumed it as part and parcel of the same argument.

wiki2.dovecot.org/Pigeonhole/Sieve/Examples#Spam.2BAC8-Virus_rules


I'll try the recipe RH posted

if address :is ["From", "Sender"] ["h.rei...@thelounge.net", "nick.z.edwa...@gmail.com"]
{
  discard;
}

modified as below

if address :is ["From", "Sender"] ["addressidontw...@repliedtoo.tld", "otheraddressidontw...@repliedtoo.tld"]
{
  stop;
}

-- 
Harondel J. Sibble 
Sibble Computer Consulting Ltd.
Creating Solutions for the small and medium business computer user.
haron...@pdscc.com (use pgp keyid 0x3CC3CFCE not 0x3AD5C11D) 
http://www.pdscc.com
Blog: http://www.pdscc.com/blog
(604) 739-3709 (voice)
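
One way to write the exemption asked about in the sieve threads above (the envelope test suggested in the 2016 reply and the address test tried in 2015), dry-run with the sieve-test tool recommended in the reply. This is an added example, not code from the thread: the example.org and example.net addresses, file names and reply text are constructed, and the -f and -r options assume Pigeonhole's sieve-test.

```shell
#!/bin/sh
# Added example, not from the thread. All addresses are constructed.

# Write a vacation script that never auto-replies to the listed senders.
write_vacation_script() {  # $1 = output path
    cat > "$1" <<'EOF'
require ["fileinto", "vacation", "envelope"];

if header :comparator "i;ascii-casemap" :contains "Subject" "**SPAM**" {
    fileinto "Trash";
    stop;
}

# The header test takes two positional arguments (header names, then keys).
# A form with only one, e.g.  header :contains "exempt1@example.org",
# is a compile error and keeps the whole script from running.

# Exempt senders, matched on the From/Sender headers or on the SMTP envelope
# sender. "stop" ends the script here; the implicit keep still delivers the
# message to INBOX, only the vacation action below is never reached.
if anyof (
    address :is ["From", "Sender"] ["exempt1@example.org", "exempt2@example.org"],
    envelope :is "from" ["exempt1@example.org", "exempt2@example.org"]
) {
    stop;
}

vacation
    :days 1
    :subject "Out of office"
    :addresses ["user@example.org"]
    "I am away and will answer when I am back.";
EOF
}

# Write a constructed test message from the given sender.
write_test_mail() {  # $1 = output path, $2 = sender address
    cat > "$1" <<EOF
From: $2
To: user@example.org
Subject: constructed test message
Message-ID: <test-1@example.org>
Date: Sat, 04 Apr 2015 12:00:00 +0000

Hello.
EOF
}

# Dry-run the script against a message from one sender with sieve-test, which
# prints the actions it would perform without delivering anything.
# Returns 2 when sieve-test is not installed.
dry_run() {  # $1 = work dir, $2 = sender address
    write_vacation_script "$1/vacation.sieve"
    write_test_mail "$1/mail.eml" "$2"
    command -v sieve-test >/dev/null 2>&1 || return 2
    sieve-test -f "$2" -r user@example.org "$1/vacation.sieve" "$1/mail.eml"
}

# One ordinary sender and one exempt sender.
work=$(mktemp -d)
for sender in someone@example.net exempt1@example.org; do
    echo "== $sender"
    dry_run "$work" "$sender" || echo "sieve-test not available or script rejected"
done
rm -rf "$work"
```

The run for the exempt sender should list no vacation action, while the message itself is still kept.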


[Dovecot] mixed client ssl certs and non cert

2008-10-23 Thread Harondel J. Sibble
How do I set up mixed authentication so that I can have say a couple of 
machines on my lan only use ssl without client certs, but have all the other 
machines connecting from remotely required to have ssl certs to connect to 
imap?

This is with Dovecot 1.1.4 on CentOS 5.2
-- 
Harondel J. Sibble 
Sibble Computer Consulting
Creating Solutions for the small and medium business computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice/fax)  (604) 686-2253 (pager)



Re: [Dovecot] dovecot and postfix with tls and dovecot sasl issues for smtp clients

2008-10-22 Thread Harondel J. Sibble


On 22 Oct 2008 at 20:37, Timo Sirainen wrote:

> I don't think Postfix ever sends the valid-cert parameter that's
> required for Dovecot to treat the authentication as valid.

Bummer, any suggested workarounds or should I be looking at a different MTA 
that is known to work with Dovecot's SASL implementation.
-- 
Harondel J. Sibble 
Sibble Computer Consulting
Creating Solutions for the small and medium business computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice/fax)  (604) 686-2253 (pager)



Re: [Dovecot] dovecot and postfix with tls and dovecot sasl issues for smtp clients

2008-10-22 Thread Harondel J. Sibble


On 22 Oct 2008 at 21:01, Timo Sirainen wrote:
 
> A quick look shows that Exim apparently sends the valid-client-cert
> parameter. Maybe it wouldn't be too difficult to modify Postfix's
> sources either.

I see there's been some discussion about this a few years ago

http://www.dovecot.org/list/dovecot/2008-August/032732.html
http://www.nabble.com/sasl-parameters-missing-td18820817.html

I guess I'll have to look at Exim in the interim.
-- 
Harondel J. Sibble 
Sibble Computer Consulting
Creating Solutions for the small and medium business computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice/fax)  (604) 686-2253 (pager)



[Dovecot] dovecot and postfix with tls and dovecot sasl issues for smtp clients

2008-10-21 Thread Harondel J. Sibble
): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
auth default:
  mechanisms: plain login
  debug: yes
  debug_passwords: yes
  ssl_require_client_cert: yes
  passdb:
    driver: pam
  userdb:
    driver: passwd
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix

Interestingly enough the mode line in the dovecot.conf file is set as 0660, 
not 432 as noted above?!?!?

What else should I be looking at to troubleshoot this issue?
-- 
Harondel J. Sibble 
Sibble Computer Consulting
Creating Solutions for the small and medium business computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice/fax)  (604) 686-2253 (pager)



Re: [Dovecot] client certs with godaddy ssl cert

2008-10-12 Thread Harondel J. Sibble


On 29 Sep 2008 at 8:40, Rainer Frey (Inxmail GmbH) wrote:

> What is important: you can not self-sign each client certificate, but
> you need a CA with a self-signed root instead. I think you understand
> that already, just noting that for completeness.
> Then you simply configure Dovecot as described in
> http://wiki.dovecot.org/SSL/DovecotConfiguration
>
> To sum it up: ssl_cert_file is responsible for server side TLS/SSL and
> needs to contain the complete verification path for the server
> certificate. It has no influence on client certs. ssl_ca_file is used
> for client cert verification only, and does not need to cover the
> server certificate.
 
Okay, got this mostly working, currently testing with a Nokia e61i smartphone 
and having a problem which I'm not quite clear on where it lies, phone issue, 
postfix issue or dovecot sasl issue

Here's the problem, I can successfully authenticate to dovecot via imap using 
client certs, however when I attempt to send an email, that is giving me 
errors as follows

Oct 11 23:09:40 server postfix/smtpd[25720]: xsasl_dovecot_handle_reply: auth reply: FAIL?1?reason=Client didn't present valid SSL certificate
Oct 11 23:09:40 server postfix/smtpd[25720]: warning: unknown[192.xxx.yyy.zzz]: SASL LOGIN authentication failed: Client didn't present valid SSL certificate
Oct 11 23:09:40 server postfix/smtpd[25720]:  unknown[192.xxx.yyy.zzz]: 535 5.7.0 Error: authentication failed: Client didn't present valid SSL certificate

On the phone, there is only the self signed personal cert used to 
authenticate for imap. Postfix is set to authenticate using the same self 
signed CA, server cert and server key.

Any ideas on what I should look at next?

I've already wiped all the certs from both the server and the phone and 
recreated a new CA, but same problem occurs.

Kinda out of ideas, any suggestions?
-- 
Harondel J. Sibble 
Sibble Computer Consulting
Creating Solutions for the small and medium business computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice/fax)  (604) 686-2253 (pager)



Re: [Dovecot] client certs with godaddy ssl cert

2008-10-09 Thread Harondel J. Sibble


On 8 Oct 2008 at 1:05, Harondel J. Sibble wrote:

> auth default {
>   # Space separated list of wanted authentication mechanisms:
>   #   plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi
>   mechanisms = plain
>   ssl_require_client_cert = yes
>
> ssl_ca_file = /etc/pki/dovecot/certs/dovecot-clientcerts
> ssl_verify_client_cert = yes
> verbose_ssl = yes
> ssl_require_client_cert = yes
>
> The following is all I see on the connection attempt from the pda
>
> Oct  8 01:00:55 myserver dovecot: Dovecot v1.0.7 starting up
> Oct  8 01:01:51 myserver dovecot: imap-login: Disconnected: method=PLAIN, rip=10.12.13.14, lip=10.12.13.14, TLS
 

The client side logs show the following at this point

2239561866 - 2008.10.9 16:11:54 R * CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS AUTH=PLAIN
2239561866 - 2008.10.9 16:11:54 R 0 OK Capability completed.
2239561866 - 2008.10.9 16:11:54 S 1 LOGIN  
2239561866 - 2008.10.9 16:11:54 IMAP4 ServerConnection SSL status: 0xE
2239561866 - 2008.10.9 16:11:54 IMAP4 ServerConnection SSL status: 0x68
2239561866 - 2008.10.9 16:11:54 IMAP4 ServerConnection SSL status: 0x68
2239561866 - 2008.10.9 16:11:54 IMAP4 ServerConnection SSL status: 0x65
2239561866 - 2008.10.9 16:11:54 IMAP4 ServerConnection SSL status: 0x66
2239561866 - 2008.10.9 16:11:54 IMAP4 ServerConnection SSL status: 0x67
2239561866 - 2008.10.9 16:11:54 IMAP4 ServerConnection SSL status: 0xF
2239561866 - 2008.10.9 16:11:54 R 1 NO Client didn't present valid SSL certificate
2239561866 - 2008.10.9 16:11:54 *** Non Critical Error: 0x80C40001
2239561866 - 2008.10.9 16:12:50 *** Critical Error: 0x80C40001
2239561866 - 2008.10.9 16:12:50 Connection failed - stopping all connections
2239561866 - 2008.10.9 16:12:50 Connection's SyncExecute finished
3325771946 - 2008.10.9 16:12:51 Stopping synchronization...
3325771946 - 2008.10.9 16:12:51 Forcing disconnection...
3325771946 - 2008.10.9 16:12:51 Synchronization stopped
2755981250 - 2008.10.9 16:12:51 Stopping existing connections (1 total)
2755981250 - 2008.10.9 16:12:51 Deleting connection...

-- 
Harondel J. Sibble 
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice/fax)  (604) 686-2253 (pager)



Re: [Dovecot] client certs with godaddy ssl cert

2008-10-09 Thread Harondel J. Sibble


On 9 Oct 2008 at 20:33, Timo Sirainen wrote:

> v1.1 logs more with verbose_ssl=yes.

1.0.7 doesn't log anything other than the initial connection :-(  Guess it's 
time to upgrade
 
> > 2239561866 - 2008.10.9 16:11:54 R 1 NO Client didn't present valid SSL certificate

Note, this was the log from  the client side, not the server side.
 
> My guess would be that your client just doesn't support sending SSL
> client certificates. Or perhaps you'd need to configure it to do it
> somehow.

According to the client developer, it will automatically send the personal 
certificate, there is only a single one installed on the pda.
-- 
Harondel J. Sibble 
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice/fax)  (604) 686-2253 (pager)



Re: [Dovecot] client certs with godaddy ssl cert

2008-10-09 Thread Harondel J. Sibble


On 9 Oct 2008 at 20:33, Timo Sirainen wrote:

> My guess would be that your client just doesn't support sending SSL
> client certificates. Or perhaps you'd need to configure it to do it
> somehow.

Well contrary to what WebIS tech support says, that looks to be the case as 
the same client cert imported into Thunderbird works perfectly.

-- 
Harondel J. Sibble 
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice/fax)  (604) 686-2253 (pager)



Re: [Dovecot] client certs with godaddy ssl cert

2008-10-08 Thread Harondel J. Sibble


On 29 Sep 2008 at 8:40, Rainer Frey (Inxmail GmbH) wrote:

> What is important: you can not self-sign each client certificate, but you
> need a CA with a self-signed root instead. I think you understand that
> already, just noting that for completeness.
>
> Then you simply configure Dovecot as described in
> http://wiki.dovecot.org/SSL/DovecotConfiguration

Followed those directions, enabled the client side certificate checking, but 
no go.
 
> Then configure client cert verification as described in the last section of
> above mentioned wiki page.
> ssl_ca_file is used for client cert verification only, and does not need to
> cover the server certificate.

Done, I have the following enabled.

auth default {
  # Space separated list of wanted authentication mechanisms:
  #   plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi
  mechanisms = plain
  ssl_require_client_cert = yes

ssl_ca_file = /etc/pki/dovecot/certs/dovecot-clientcerts
ssl_verify_client_cert = yes
verbose_ssl = yes
ssl_require_client_cert = yes

Logs don't show anything of any interest, on the client side (windows mobile 
5 phone running Web IS's Flexmail4).

When I asked their tech support about using a client cert, I got this

Greetings and thank you for contacting us.

It should be using the certs which the PDA has installed.  Is the cert
installed (in the device settings  System  Certificates

We appreciate having the opportunity to help and service you. Please let
us know if there is anything more we can do.

I've verified that my root ca is installed on the pda and the personal cert 
is also installed.

The following is all I see on the connection attempt from the pda

Oct  8 01:00:55 myserver dovecot: Dovecot v1.0.7 starting up
Oct  8 01:01:51 myserver dovecot: imap-login: Disconnected: method=PLAIN, rip=10.12.13.14, lip=10.12.13.14, TLS

At this point the client device is stuck asking to confirm account 
credentials

-- 
Harondel J. Sibble 
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice/fax)  (604) 686-2253 (pager)
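
The point made in the quoted replies above (client certificates must be issued by a CA with a self-signed root, and only that CA goes into ssl_ca_file, whoever issued the server certificate) can be checked with OpenSSL before touching Dovecot. This is an added example, not part of the thread: the CA and client names are constructed, and `openssl verify` stands in for the server's client-certificate check.

```shell
#!/bin/sh
# Added example, not from the thread. All names are constructed.

# Minimal OpenSSL config so the commands do not depend on the system openssl.cnf.
write_cnf() {  # $1 = work dir
    cat > "$1/ssl.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_client]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
}

# Create a CA with a self-signed root: $1 = work dir, $2 = CA name.
new_ca() {
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 365 \
        -config "$1/ssl.cnf" -extensions v3_ca -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# Issue a client certificate signed by a CA: $1 = dir, $2 = CA name, $3 = client.
issue_client() {
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ssl.cnf" \
        -subj "/CN=$3" -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -days 365 \
        -CA "$1/$2.pem" -CAkey "$1/$2.key" -CAcreateserial \
        -extfile "$1/ssl.cnf" -extensions v3_client \
        -out "$1/$3.pem" 2>/dev/null
}

# A client certificate that signs itself, the case the reply says cannot work.
self_signed_client() {  # $1 = dir, $2 = client name
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 365 \
        -config "$1/ssl.cnf" -extensions v3_client -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# Succeeds only if the certificate verifies as a TLS client certificate
# against the given CA file (the role ssl_ca_file plays for Dovecot).
accepted_by() {  # $1 = CA file, $2 = certificate
    openssl verify -purpose sslclient -CAfile "$1" "$2" 2>/dev/null |
        grep -q ': OK$'
}

demo() {
    command -v openssl >/dev/null 2>&1 || { echo "openssl not installed" >&2; return 1; }
    d=$(mktemp -d) || return 1
    write_cnf "$d"
    new_ca "$d" ExamplePrivateCA    # the only CA placed in ssl_ca_file
    new_ca "$d" ExamplePublicCA     # stands in for the server cert's commercial issuer
    issue_client "$d" ExamplePrivateCA phone1
    issue_client "$d" ExamplePublicCA outsider
    self_signed_client "$d" selfsigned1
    for c in phone1 outsider selfsigned1; do
        if accepted_by "$d/ExamplePrivateCA.pem" "$d/$c.pem"; then
            echo "$c: accepted"
        else
            echo "$c: rejected"
        fi
    done
    rm -rf "$d"
}

demo
```

Only phone1 is accepted: the certificate from the other CA and the self-signed one both fail against the private CA file.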



Re: [Dovecot] client certs with godaddy ssl cert

2008-10-05 Thread Harondel J. Sibble
Thanks, your detailed instructions were EXACTLY what I was looking for, I'll 
try them out and report back in a few days with the results.


On 29 Sep 2008 at 8:40, Rainer Frey (Inxmail GmbH) wrote:

> Then you simply configure Dovecot as described in
> http://wiki.dovecot.org/SSL/DovecotConfiguration
>
> In short: Put your godaddy SSL certificate, and then the complete
> hierarchy of godaddy CA certificates (I don't know how many levels they
> have) in (e.g.) /etc/ssl/dovecot.pem, and set
> ssl_cert_file=/etc/ssl/dovecot.pem. Don't forget to set the path to
> your private key or add it to the beginning of your cert file. This
> handles SSL/TLS for the server.
 

-- 
Harondel J. Sibble 
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice/fax)  (604) 686-2253 (pager)



Re: [Dovecot] client certs with godaddy ssl cert

2008-10-01 Thread Harondel J. Sibble


On 1 Oct 2008 at 10:37, Bill Cole wrote:

> I've heard so many conflicting stories about the X509/SSL/TLS capabilities
> of different mobile platforms that I don't know what to believe.

I've got direct experience with a bunch of the platforms, so I am not all 
that concerned about that problem.


> I would expect that the Windows Mobile devices could use any cert you
> can construct,

It needs a specific format, der encoded IIRC, other than that it works fine.

> and I know that *some* Palm mailers can deal with self-signed server certs
> and so could *probably* deal with client certs, but even that's an iffy

Back in my Palm days, the mail client I was using did support client certs, 
but that was a LONG time ago.

> proposition because so many Palm devices are carrier-customized in bad
> ways (particularly by Verizon.)

My biz partner has a Telus Treo 700p or 750p. All my  devices are unlocked 
phones so that's not a problem.


> I've seen enough stupid failure when asking for client certs that I
> wouldn't try it with any platform where the vendor does not clearly
> explain how to do it.

The vendor as in the cellular telco? Bah, I pretty much ignore what they have 
to say. Or do you mean the OS vendor?  There's plenty of info on the net 
about that and I've rarely had problems.
 
> Dovecot does have to trust the signing cert for the clients (i.e. it can't
> just be looking at some default bundle of commercial CA's) but that's not
> really connected to its server cert.

Yes, I thought so and that is exactly the crux of my problem, how do I get 
dovecot to trust both cert chains, GoDaddy and my self signed client certs 
simultaneously? I can't seem to find anything on that specific issue.
 
> This can't just be about education.

With the 2 other people I'll be dealing with, it's enough, I continually beat 
the security drum to them, they used to say I was just too paranoid, now when 
I say, events have shown I wasn't paranoid enough, they nod sagely :-)  Every 
now and then I have to hit them with a clue stick, but they've come a long 
way.

> The vast majority of users will not tolerate having to enter a
> worthwhile password every time they want to make a mail connection
> unless it is forced on them, particularly on a device with a tiny
> keyboard.

Woah, let's make the distinction between technically inclined people who 
understand the risks and regular users.  The 2 folks in question are of the 
former variety.  I am well acquainted with the latter variety amongst my 
clients.  They'd rather shoot themselves in the foot so they can have ease of 
use, I am quite familiar with dealing with them


> You partners may need to be told clearly that if they cannot or will
> not enforce frequent password entry on end-users in some fashion,
> client certs are literally worthless and any effort (or money) spent to
> make them work initially or support them in the future is wasted.

At this point that's a secondary issue, I just want to get it working for MY 
use, once we get our colo equipment updated, then I can implement it for 
them, knowing full well that they don't view security as seriously as I do, 
hence the reason I'll probably always have my own gear under my control.
 
> An alternative approach that might be easier to implement on some
> platforms (certainly on Palm and iPhone) would be to force the device
> to lock on

Couldn't care less about the iPhone at this point since it doesn't offer much 
of the business functionality I expect, maybe in 3-6 months, who knows.

> extended idle, network disconnect, or reset, requiring a password to
> unlock it. That enforces a something you know on the whole device,
> rather than just on mail.

Makes sense, I already do that with devices under my control as a matter of 
course.


-- 
Harondel J. Sibble 
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice/fax)  (604) 686-2253 (pager)



Re: [Dovecot] client certs with godaddy ssl cert

2008-09-29 Thread Harondel J. Sibble


On 29 Sep 2008 at 10:43, Bill Cole wrote:

> Right. You need to keep track of what client certs you trust, so you really
> should be *at least* the immediate issuer (signer) of the client certs. The
> only reasons you would want your signing cert for those client certs to have
> a commercial issuer would be:

That's my intent to have full control over the client certs hence the reason 
for going with self signed certs for the client side.
 
> 1. You want the client certs to be generally usable with those devices and
> servers other than your own.

I do not, this is only for use with my infrastructure and will be limited to 
a small handful of people.
 
> 2. The devices do not support the addition of new root certificates (i.e.
> your signing cert.)

Mix of devices, but primarily windows mobile, palm, symbian and blackberry 
handhelds.  There will also be a few laptops.

> It is also likely to be irrelevant. The signature chain of a server's cert
> does not influence what signing chain a client cert needs to have.

Ohh I was wondering about that...

Okay then so as long as Dovecot is set to check client certs and the client 
cert presented matches the check points, CN, domain name, user email etc, 
it'll just work?
 
> That is only true if you are using a dependable mechanism to assure that
> users will actually be required to enter a password live rather than have
> their mail client save it

I've already beat that one into the couple of business partners that will be 
making use of this.  Personally I don't ever save passwords, in browsers or 
otherwise as a matter of course so not an issue for me.

-- 
Harondel J. Sibble 
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice/fax)  (604) 686-2253 (pager)



Re: [Dovecot] client certs with godaddy ssl cert

2008-09-28 Thread Harondel J. Sibble


On 27 Sep 2008 at 13:22, mouss wrote:

> if you have a commercial cert, you don't need a self signed cert. self
> signed certs are for people who don't want to get a cert signed by a 3rd
> party (commercial or other). For email, you generally don't need a
> commercial certificate because your users know you and you know them,
> and because users don't connect to thousand imap servers.

Huh? I am looking to implement client side certificates which have to be 
installed on the end user device before they are able to connect to my 
mailserver.

I already have a commercial cert on the mailserver so that's a moot point.  
Secondly a client cert allows me to verify that the device connecting is 
allowed, this is secondary to any login info the user may have, ie 2 factor 
authentication, something you know (uid/password) and something you have 
(certificate).
-- 
Harondel J. Sibble 
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice/fax)  (604) 686-2253 (pager)



[Dovecot] client certs with godaddy ssl cert

2008-09-26 Thread Harondel J. Sibble
I've read the client ssl cert section in the wiki and it talks about using a 
self signed cert, if I am using a commercial cert, in this case godaddy, how 
do I implement a self signed cert for the client side and have dovecot make 
use of this?  I know the mechanics of setting up the self signed ca, the 
question is more what configuration changes do I need to make in dovecot to 
handle both godaddy and the self signed ca functionality?

Thanks
-- 
Harondel J. Sibble 
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice/fax)  (604) 686-2253 (pager)



Re: [Dovecot] syncml with server push email

2008-08-27 Thread Harondel J. Sibble


On 27 Aug 2008 at 9:57, Steve Roemen wrote:

> I use Funambol to push email to clients, I'm using courier at the moment
> (that's going to change here in a few), but using it on dovecot
> shouldn't matter.  I ran into the time problem too, and found that I had
> to set the client's timezone preference and set it to force a conversion
> within the admin package.

Interesting, was that on 7.x or previous, I experienced the tz problem on 6.5 
and there was a lot of discussion on the funambol list about this issue, it 
was determined to be a problem with the conversion from ical to vcal (and 
also different versions of ical) by the server.  After about 8 months of that 
I went to eGroupWare and haven't looked back as it offers more functionality 
and its syncml just works, but it doesn't seem to have support for email, so 
I reinstalled funambol yesterday, but that brought up another problem. I am 
using a windows mobile device that I want to do pushed email syncing with.  
Because of numerous problems with the Funambol Windows Mobile client, I ended 
up buying the Synthesis SyncML Pro client, however it comes up with a 10415 
error on sync, which according to google means it doesn't support the same 
email data type so no go there.

https://core.forge.funambol.org/ds/viewMessage.do?dsForumId=416&dsMessageId=15947&orderBy=createDate&orderType=desc

The connection works fine as I can see the traffic in the funambol logs and 
the connection to the dovecot server on the same machine, so I'll probably 
give a funambol client another try to see what happens, but having to use 2 
different clients on the same pda phone to stay synced kinda sucks.

My temporary goal is to use it to push email to a Nokia E61i since my 
provider no longer offers BlackBerry Connect and then go back to a new 
Windows Mobile Smartphone I have on order (O2 XDA Flame)

Which reminds me, is it possible to use sieve in the mix so that I can 
control what messages get forwarded to the phone rather than the whole kit 
and kaboodle, so mail comes into dovecot, runs through sieve and the stuff 
that the sieve rules allow, gets forwarded to the phone by funambol?

-- 
Harondel J. Sibble 
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice/fax)  (604) 686-2253 (pager)



[Dovecot] syncml with server push email

2008-08-26 Thread Harondel J. Sibble
Any recommendations for server push email using syncml and dovecot?

I am familiar with Funambol for syncing pim info, but not used it for email.

Are there any recommended opensource or commercial syncml servers that are 
known to integrate nicely with Dovecot 1.x?  Googling hasn't really turned up 
much in the way of useful info.

To mix it up a little, I was using Funambol for the Pim stuff, but ran into a 
bunch of issues and switched to eGroupWare which has its own syncml ability 
which works quite nicely with my pda. I stopped using Funambol as the server 
didn't properly deal with the conversion from vcal to ical and as a result 
appointments synced on the pda end, always ended up 8 hours early :-( This 
was going from ThunderBird to Windows Mobile, so I am hoping to avoid this 
happening again.
-- 
Harondel J. Sibble 
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice/fax)  (604) 686-2253 (pager)



Re: [Dovecot] problems with sieve and lda

2008-08-12 Thread Harondel J. Sibble


On 11 Aug 2008 at 8:24, Eduardo M KALINOWSKI wrote:

> How are you calling deliver in postfix? Do you see in postfix's logs the
> messages being handled to deliver?


Hmm, oddly enough, adding a .forward in the users home dir with 

| /usr/libexec/dovecot/deliver

Then everything works. Any ideas why?  According to everything I've read 
including the wiki, that shouldn't be necessary.



-- 
Harondel J. Sibble 
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice/fax)  (604) 686-2253 (pager)



Re: [Dovecot] problems with sieve and lda

2008-08-11 Thread Harondel J. Sibble


On 11 Aug 2008 at 8:24, Eduardo M KALINOWSKI wrote:

> To use -d ACCOUNT, you need a master socket where deliver looks up
> user information: see the Virtual Users section in
> http://wiki.dovecot.org/LDA . But if you are not using virtual users
> (and only used -d to test), you should not need it.

Yes, that's what I figured, the lda/postfix link in the wiki makes it seem 
really simple, change one setting and you're done.
 
> How are you calling deliver in postfix? Do you see in postfix's logs the
> messages being handled to deliver?

Exactly as noted at the wiki page above which says all I need to do is enter 
the proper path to deliver in mailbox_command in main.cf.

With this set, emails make it to the inbox but I never see ANY reference to 
deliver in the logs, it's only when I run the deliver command manually from 
the cli or enabled the changes in the master.cf that anything shows up in the 
deliver log.
-- 
Harondel J. Sibble 
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice/fax)  (604) 686-2253 (pager)



Re: [Dovecot] problems with sieve and lda

2008-08-11 Thread Harondel J. Sibble


On 11 Aug 2008 at 6:35, Charles Marcus wrote:

> If I'm not mistaken, sieve support has improved dramatically in the
> latest versions (1.1.2 being the current).
>
> Use the atrpms repo...

Sure, I see that in the version history, but that won't necessarily solve the 
current problem I am having where deliver is not triggering at all.
-- 
Harondel J. Sibble 
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice/fax)  (604) 686-2253 (pager)



Re: [Dovecot] problems with sieve and lda

2008-08-11 Thread Harondel J. Sibble


On 11 Aug 2008 at 8:24, Eduardo M KALINOWSKI wrote:

> How are you calling deliver in postfix? Do you see in postfix's logs the
> messages being handled to deliver?


Well, I seem to have made the problem worse as I was adjusting settings 
throughout the day.

Here's where I am at, if I now enable

mailbox_transport = dovecot

I get the following in /var/log/maillog and mail doesn't get delivered


Aug 11 18:21:50 servername postfix/local[9858]: warning: connect #7 to subsystem private/dovecot: Connection refused
Aug 11 18:22:00 servername postfix/local[9858]: warning: connect #8 to subsystem private/dovecot: Connection refused
Aug 11 18:22:10 servername postfix/local[9858]: warning: connect #9 to subsystem private/dovecot: Connection refused
Aug 11 18:22:20 servername postfix/local[9858]: warning: connect #10 to subsystem private/dovecot: Connection refused
Aug 11 18:22:30 servername postfix/local[9858]: fatal: connect #11 to subsystem private/dovecot: Connection refused
Aug 11 18:22:31 servername postfix/qmgr[9838]: warning: premature end-of-input on private/local socket while reading input attribute name
Aug 11 18:22:31 servername postfix/qmgr[9838]: warning: private/local socket: malformed response
Aug 11 18:22:31 servername postfix/qmgr[9838]: warning: transport local failure -- see a previous warning/fatal/panic logfile record for the problem description
Aug 11 18:22:31 servername postfix/master[9836]: warning: process /usr/libexec/postfix/local pid 9858 exit status 1
Aug 11 18:22:31 servername postfix/master[9836]: warning: /usr/libexec/postfix/local: bad command startup -- throttling
Aug 11 18:22:31 servername postfix/qmgr[9838]: 25BC982BF7: to=[EMAIL PROTECTED], orig_to=[EMAIL PROTECTED], relay=none, delay=101, delays=0.04/101/0/0, dsn=4.3.0, status=deferred (unknown mail transport error)

Disable that setting in main.cf, restart postfix and flush the queue and all 
is good again.

This happens with both the config file I was working on today and also with 
the one I had yesterday when I started this thread.

Looks like I was getting this yesterday too, but slightly different

Aug 10 18:29:17 servername postfix/local[11905]: warning: connect #1 to subsystem private/dovecot: No such file or directory
Aug 10 18:29:27 servername postfix/local[11905]: warning: connect #2 to subsystem private/dovecot: No such file or directory
Aug 10 18:29:37 servername postfix/local[11905]: warning: connect #3 to subsystem private/dovecot: No such file or directory

Although I suspect that was when I had enabled the transport changes in 
master.cf just for testing purposes.  The logs show connection refused stuff 
only happening today.  Googling's coming up with squat.
-- 
Harondel J. Sibble 
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice/fax)  (604) 686-2253 (pager)



[Dovecot] problems with sieve and lda

2008-08-10 Thread Harondel J. Sibble
Okay, after reading the wiki and list archives, I am confused.

I am attempting to get the deliver LDA working on a CentOS 5.1 system

# rpm -qa | grep dovecot
dovecot-1.0.7-2.el5
dovecot-sieve-1.0.2-6.el5
# rpm -qa | grep postfix
postfix-2.3.3-2

so that I can use Sieve for mail filtering to imap folders, I am using the 
mbox format

Following the wiki here for system users

http://wiki.dovecot.org/LDA/Postfix

I never get any info in the logs about cmusieve, the only way I see anything 
show up is if I add the transport settings to postfix/master.cf or see below

From reading the list archives, as best as I can tell, the only time I need 
to make the changes in postfix's master.cf is if I am using a virtual 
environment, otherwise for local delivery, all I need is the mailbox_command 
setting in postfix/main.cf

However with that setting, I get nothing! If I then run deliver from the 
command line as per a couple of mailing list postings,

cat /etc/hosts | /usr/libexec/dovecot/deliver -d [EMAIL PROTECTED] -f [EMAIL PROTECTED]

I get 

deliver([EMAIL PROTECTED]): Aug 10 22:07:17 Info: Loading modules from directory: /usr/lib/dovecot/lda
deliver([EMAIL PROTECTED]): Aug 10 22:07:17 Info: Module loaded: /usr/lib/dovecot/lda/lib90_cmusieve_plugin.so
deliver([EMAIL PROTECTED]): Aug 10 22:07:17 Error: Can't connect to auth server at /var/run/dovecot/auth-master: No such file or directory

Config stuff (dovecot -n)

# 1.0.7: /etc/dovecot.conf
log_path: /var/log/dovecot/dovecot.log
info_log_path: /var/log/dovecot/dovecot.log
protocols: imaps pop3s
listen(default): *:143
listen(imap): *:143
listen(pop3): [::]
ssl_listen(default): *:943
ssl_listen(imap): *:943
ssl_listen(pop3):
ssl_cert_file: /etc/pki/dovecot/certs/dovecot.cert
ssl_key_file: /etc/pki/tls/private/my.domain.tld.key
verbose_ssl: yes
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
mail_location: mbox:~/mail:INBOX=/var/spool/mail/%u:INDEX=~/mail/.imap/.imap/indexes/
mail_debug: yes
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
auth default:
  passdb:
    driver: pam
  userdb:
    driver: passwd

postfix/main.cf has

mailbox_commmand = /usr/libexec/dovecot/deliver

A .dovecot.sieve file with the following contents for testing purposes is 
located at ~/mail

require "fileinto";
if header :comparator "i;ascii-casemap" :contains "Subject" "**SPAM**" {
    fileinto "Trash";
    stop;
}


The LDA section from the dovecot.conf file

protocol lda {
  # Address to use when sending rejection mails.
  # postmaster_address = 
  # Hostname to use in various parts of sent mails, eg. in Message-Id.
  # Default is the system's real hostname.
  #hostname =
  # Support for dynamically loadable plugins. mail_plugins is a space
  # separated list of plugins to load.
  mail_plugin_dir = /usr/lib/dovecot/lda
  mail_plugins = cmusieve
  # Binary to use for sending mails.
  #sendmail_path = /usr/lib/sendmail
  # UNIX socket path to master authentication server to find users.
  #auth_socket_path = /var/run/dovecot/auth-master
  #sieve_global_path =
  script_path = ~/.dovecot.sieve
  log_path = /var/log/dovecot/deliverlog
  info_log_path = /var/log/dovecot/deliverlog
  debug = yes
}

What am I missing here to get this working?
-- 
Harondel J. Sibble 
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
[EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice/fax)  (604) 686-2253 (pager)
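
An added example, not part of the original post: the main.cf line as quoted in the message above spells the parameter `mailbox_commmand`, and Postfix accepts unknown names in main.cf as user-defined parameters, so a misspelled name leaves the real `mailbox_command` unset and mail bypasses the LDA and its Sieve filters. The sketch below lints a main.cf for such near-miss names; the parameter list is a constructed subset of real Postfix parameters, and `parse_main_cf`, `lint_main_cf` and the sample file are hypothetical.

```python
import difflib

# Assumption: a constructed subset of real Postfix parameter names that affect
# local delivery; build the full list from `postconf -d` on the target host.
KNOWN_PARAMS = {
    "mailbox_command", "mailbox_command_maps", "mailbox_transport",
    "mailbox_transport_maps", "home_mailbox", "mail_spool_directory",
    "local_transport", "local_recipient_maps", "fallback_transport",
    "forward_path", "allow_mail_to_commands", "myhostname", "mydestination",
}

def parse_main_cf(text):
    """Yield (line_number, name, value) for each logical main.cf setting."""
    logical = []  # [first_line_number, joined_text]
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        if raw[0] in " \t" and logical:
            # leading whitespace continues the previous logical line
            logical[-1][1] += " " + raw.strip()
        else:
            logical.append([lineno, raw.strip()])
    for lineno, line in logical:
        name, sep, value = line.partition("=")
        if sep:
            yield lineno, name.strip(), value.strip()

def lint_main_cf(text, known=KNOWN_PARAMS, cutoff=0.85):
    """Return (line, name, suggestion) for unknown names close to a known one."""
    findings = []
    for lineno, name, _value in parse_main_cf(text):
        if name in known:
            continue
        close = difflib.get_close_matches(name, known, n=1, cutoff=cutoff)
        if close:  # unrelated custom names stay unreported
            findings.append((lineno, name, close[0]))
    return findings

# Constructed sample; only the mailbox_commmand line is taken from the message.
SAMPLE_MAIN_CF = """\
# local delivery
myhostname = servername.example
mailbox_commmand = /usr/libexec/dovecot/deliver
#mailbox_transport = dovecot
my_custom_setting = kept
"""

if __name__ == "__main__":
    for lineno, name, hint in lint_main_cf(SAMPLE_MAIN_CF):
        print(f"line {lineno}: unknown '{name}', did you mean '{hint}'?")
```

On Postfix 2.9 and later, `postconf -n` itself prints an "unused parameter" warning for such names; the postfix-2.3.3 package listed in the message predates that check.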